darwin-containers / rund

OCI Container Runtime for Darwin
Apache License 2.0

Container has access to host process tree #42

Closed rbrtl closed 4 months ago

rbrtl commented 5 months ago
docker run --rm -it ghcr.io/macoscontainers/macos-jail/ventura:latest ps -ef
    0     1     0   0  7Jan24 ??        82:00.37 /sbin/launchd
...
  501   863 94219   0  9:57AM ??         0:00.07 docker run --rm -it ghcr.io/macoscontainers/macos-jail/ventura:latest ps -ef

I'm assuming this isn't expected behaviour but a consequence of the "very alpha"-ish-ness 😁

If I can help with investigation or resolution I'd like to; however, macOS internals have always been a black box I have been too scared to open.

slonopotamus commented 5 months ago

That's expected. macOS doesn't have process namespaces.
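
A check that follows from the answer above, added here as an example (not code from rund or from either commenter): it parses `ps -ef` output captured inside a container and lists every visible process that lies outside the entrypoint's own subtree. The function names, the column-layout regex and the sample rows are assumptions constructed for illustration.

```python
import re

# Constructed sample in macOS `ps -ef` layout (UID PID PPID C STIME TTY TIME CMD).
# Only the launchd and `docker run` rows are modelled on the issue's output.
SAMPLE = """\
  UID   PID  PPID   C STIME   TTY           TIME CMD
    0     1     0   0  7Jan24 ??        82:00.37 /sbin/launchd
  501 94219     1   0  9:50AM ttys001    0:00.21 -zsh
  501   863 94219   0  9:57AM ??         0:00.07 docker run --rm -it ghcr.io/macoscontainers/macos-jail/ventura:latest ps -ef
    0   870     1   0  9:57AM ??         0:00.01 ps -ef
"""

# Assumes STIME, TTY and TIME are each a single whitespace-free token.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+\d+\s+\S+\s+\S+\s+\S+\s+(.*)$")

def parse_ps_ef(text):
    """Map PID -> {uid, ppid, cmd}; the header and unparsable lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            uid, pid, ppid = (int(m.group(i)) for i in (1, 2, 3))
            procs[pid] = {"uid": uid, "ppid": ppid, "cmd": m.group(4)}
    return procs

def outside_subtree(procs, root_pid):
    """PIDs that are visible but are neither root_pid nor one of its descendants."""
    def in_tree(pid):
        seen = set()
        while pid in procs and pid not in seen:  # `seen` guards against PPID cycles
            if pid == root_pid:
                return True
            seen.add(pid)
            pid = procs[pid]["ppid"]
        return pid == root_pid
    return sorted(p for p in procs if not in_tree(p))

def audit(text, entry_cmd):
    """Report what PID 1 is and which processes leak in from outside the entrypoint."""
    procs = parse_ps_ef(text)
    entry = [p for p, r in procs.items() if r["cmd"] == entry_cmd]
    # If the entrypoint cannot be found, treat everything visible as unexplained.
    leaked = outside_subtree(procs, entry[0]) if entry else sorted(procs)
    return {"pid1": procs.get(1, {}).get("cmd"), "leaked": leaked}

if __name__ == "__main__":
    print(audit(SAMPLE, "ps -ef"))
```

With a process namespace in effect the entrypoint itself would be PID 1 and the leaked list would be empty; a non-empty list means anything run in the container can enumerate host processes and their command lines.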