Closed perezjasonr closed 2 years ago
@vmojzis, it's a good idea to look at the containerd engine and include it among the supported engines.
I'm wondering if the inspect output of crio is any different from containerd; they are both OCI compliant and both can use crictl, right?
I tried it with containerd and udica did create a policy, but I'm not sure if it's reliable; I just wanted to try it to see if it rejected the inspect JSON.
I experimented a bit with ctr container info, but it doesn't provide all the necessary info https://github.com/containerd/containerd/discussions/5811
What about crictl inspect? crictl seems to be configurable for a containerd or crio sock.
I just tried with nerdctl inspect output (in dockercompat mode), but it doesn't seem to work.
Error output is Couldn't parse inspect data: 'Config'. Probably udica needs more information to create SELinux policies that are not currently present in inspect output.
@alegrey91 Thank you for the contribution and sorry for the wait. The code is now merged and released on Fedora https://bodhi.fedoraproject.org/updates/FEDORA-2022-7d6e3be239
Note: aside from nerdctl inspect, udica should also be able to process crictl inspect of a containerd-hosted container.
@vmojzis don't worry! It has been a pleasure to contribute to this project :)
Is your feature request related to a problem? Please describe. I just noticed it's not listed among the various container runtimes, but it is widely used.
Describe the solution you'd like containerd support
Describe alternatives you've considered There is nothing I'm aware of.
Additional context If containerd is implied by one of the others, then this is obviously an unnecessary request, but it might be a good idea to mention it somewhere.