Open jcvenegas opened 7 years ago
Docker sets certain paths in the container as read-only. They are passed in the config.json:
"readonlyPaths": [ "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ],
We need to read these paths and set them as read-only.
From @mcastelino on April 7, 2017 21:44
In the case of Clear Containers, we allow the override of networking parameters. Example:
echo "33000 60999" > /proc/sys/net/ipv4/ip_local_port_range
Doing this is not allowed in the case of runc containers.
Docker does support tweaking via the sysctl setup for namespaced properties. https://docs.docker.com/engine/reference/commandline/run/#options
docker run --sysctl net.ipv4.ip_forward=1 someimage
We need to evaluate if we want to provide identical behavior or allow this implicit re-configuration by the workload itself.

Copied from original issue: 01org/cc-oci-runtime#803
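An added example, not part of the original issue or of the runtime's code: one way to check that a container honors the `readonlyPaths` list is to compare it against `/proc/self/mountinfo` as seen inside the container. It assumes the list sits under the `linux` key of config.json, as in the OCI runtime spec; the sample config and mountinfo text are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: the readonlyPaths list quoted in the issue.
SAMPLE_CONFIG = json.dumps({"linux": {"readonlyPaths": [
    "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq",
    "/proc/sys", "/proc/sysrq-trigger"]}})

# Constructed mountinfo excerpt: /proc/sys was left writable and /proc/irq
# has no mount of its own, so it inherits the rw /proc mount.
SAMPLE_MOUNTINFO = """\
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /asound /proc/asound ro,relatime - proc proc rw
102 100 0:50 /bus /proc/bus ro,relatime - proc proc rw
103 100 0:50 /fs /proc/fs ro,relatime - proc proc rw
104 100 0:50 /sys /proc/sys rw,relatime - proc proc rw
105 100 0:50 /sysrq-trigger /proc/sysrq-trigger ro,relatime - proc proc rw
"""

def parse_mountinfo(text):
    """Return [(mount_point, per_mount_options)] in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        # Field 5 is the mount point, field 6 the per-mount options; the
        # super-block options after "-" stay rw for a read-only bind mount.
        if len(fields) >= 7 and "-" in fields:
            mounts.append((fields[4], set(fields[5].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point containing path; later mounts win ties."""
    best = None
    for point, opts in mounts:
        if path == point or path.startswith(point.rstrip("/") + "/"):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def writable_readonly_paths(config_text, mountinfo_text):
    """List readonlyPaths whose covering mount is not mounted ro."""
    paths = json.loads(config_text).get("linux", {}).get("readonlyPaths", [])
    mounts = parse_mountinfo(mountinfo_text)
    return [p for p in paths
            if (m := covering_mount(p, mounts)) is None or "ro" not in m[1]]

if __name__ == "__main__":
    print(writable_readonly_paths(SAMPLE_CONFIG, SAMPLE_MOUNTINFO))
```

A path listed here would accept a write such as the `ip_local_port_range` change shown above, so an empty result is the expected state for a runtime that matches runc's behavior.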