Open mpiraux opened 1 year ago
If this create_container function gets passed the run_as_root argument in some form, then it would be able to add the capabilities just for these runtime environments.
There is an issue with --privileged in Kata v1 which has not been fixed for Docker. Mainly, the host tries to mount devices into the VM and the container, which I don't need but which prevents starting the container. --privileged is required to modify sysctls, which are used by IPMininet. It seems that keeping Kata v1 does not allow moving forward on this issue.
Is your feature request related to a problem? Please describe.
Kata runtime could give more privilege to the root user in the Docker container. Running IPMininet in a Docker container requires the ability to manipulate network namespaces.
Describe the solution you'd like
When the runtime allows running as root, pass --cap_add=ALL to the container. Do this here, https://github.com/UCL-INGI/INGInious/blob/145fc847f751ecbf1c8b52858c3a2a3e47b52670/inginious/agent/docker_agent/_docker_interface.py#L137
Describe alternatives you've considered
Changing the use of Kata+Docker for virtme or smth else
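A sketch of the gating requested above, as an added example that is not INGInious code: extra capabilities are handed out only when the selected runtime is flagged run_as_root, and from a named allow-list rather than ALL. `Runtime`, `capability_kwargs` and the allow-list contents are assumptions made for illustration; the returned keys are keyword arguments accepted by docker-py's `containers.create()`.

```python
from dataclasses import dataclass

# Assumed allow-list: what network-namespace work typically needs.
# Anything outside it (including "ALL") is refused.
ALLOWED_CAPS = {"NET_ADMIN", "NET_RAW", "SYS_ADMIN"}


@dataclass(frozen=True)
class Runtime:  # hypothetical description of a configured runtime
    name: str          # passed to Docker as runtime=, e.g. "kata-runtime"
    run_as_root: bool  # True only for runtimes allowed to run root


def capability_kwargs(runtime, requested_caps=()):
    """Build the extra kwargs for containers.create() for this runtime."""
    kwargs = {"runtime": runtime.name, "privileged": False}
    if not runtime.run_as_root:
        # Not a run-as-root runtime: keep Docker's default capability
        # set, whatever the task asked for.
        return kwargs
    caps = sorted({c.upper() for c in requested_caps})
    refused = [c for c in caps if c not in ALLOWED_CAPS]
    if refused:
        raise ValueError(f"capabilities not allowed: {refused}")
    if caps:
        kwargs["cap_add"] = caps
    return kwargs


if __name__ == "__main__":
    # Constructed sample runtimes, not taken from any real configuration.
    kata = Runtime("kata-runtime", run_as_root=True)
    runc = Runtime("runc", run_as_root=False)
    print(capability_kwargs(kata, ["NET_ADMIN", "SYS_ADMIN"]))
    print(capability_kwargs(runc, ["NET_ADMIN", "SYS_ADMIN"]))
```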