Closed AkihiroSuda closed 5 years ago
@jessfraz @tonistiigi
Merging #221 into master will not change coverage. The diff coverage is 0%.
@@ Coverage Diff @@
## master #221 +/- ##
=====================================
Coverage 0% 0%
=====================================
Files 14 14
Lines 768 777 +9
=====================================
- Misses 768 777 +9
Impacted Files | Coverage Δ | |
---|---|---|
login.go | 0% <0%> (ø) | :arrow_up: |
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2e8ff3a...40ef0d9. Read the comment docs.
@jessfraz could you take a look?
Thanks!!!
When `/proc` is not mountable, img now automatically disables process sandbox (PID namespace isolation).
Note that this allows build containers to `kill(2)` (and potentially `ptrace(2)` when seccomp is unavailable) the `img` process.
To run `img` in a Docker container, you no longer need to specify `--privileged`, but you still need to specify `--security-opt seccomp=unconfined --security-opt apparmor=unconfined` (which are unconfined on Kubernetes by default).
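An added example (not code from img or from this PR) of an audit check for the two risks in the note above: it compares the `/proc/<pid>/ns/pid` links of img and of a build process, and reads the `Seccomp:` field of the build process's `/proc/<pid>/status`. The names `Exposure`, `nsInode` and `Assess` and the sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Exposure records which risks from the note apply to one build process.
type Exposure struct {
	SharedPIDNS      bool // same PID namespace as img, so kill(2) can address img
	SeccompActive    bool // the build process runs under some seccomp mode
	PtraceUnfiltered bool // shared namespace and no seccomp in the way of ptrace(2)
}

// nsInode extracts N from a /proc/<pid>/ns/pid link of the form "pid:[N]".
func nsInode(link string) (uint64, error) {
	s := strings.TrimSpace(link)
	if !strings.HasPrefix(s, "pid:[") || !strings.HasSuffix(s, "]") {
		return 0, fmt.Errorf("not a pid namespace link: %q", link)
	}
	return strconv.ParseUint(s[len("pid:["):len(s)-1], 10, 64)
}

// Assess takes both ns/pid links and the build process's /proc/<pid>/status text.
// A status text with no "Seccomp:" line (kernel without seccomp) counts as mode 0.
func Assess(imgNS, buildNS, buildStatus string) (Exposure, error) {
	a, errA := nsInode(imgNS)
	b, errB := nsInode(buildNS)
	if errA != nil || errB != nil {
		return Exposure{}, fmt.Errorf("namespace links: %v, %v", errA, errB)
	}
	e := Exposure{SharedPIDNS: a == b}
	for _, line := range strings.Split(buildStatus, "\n") {
		if strings.HasPrefix(line, "Seccomp:") {
			mode, err := strconv.Atoi(strings.TrimSpace(strings.TrimPrefix(line, "Seccomp:")))
			if err != nil {
				return Exposure{}, fmt.Errorf("bad Seccomp field: %q", line)
			}
			e.SeccompActive = mode != 0
		}
	}
	e.PtraceUnfiltered = e.SharedPIDNS && !e.SeccompActive
	return e, nil
}

func main() { // constructed sample: identical namespace inode, Seccomp mode 0
	fmt.Println(Assess("pid:[4026531836]", "pid:[4026531836]", "Name:\tsh\nSeccomp:\t0\n"))
}
```

`PtraceUnfiltered` only says that seccomp is not in the way; the kernel's other ptrace permission checks still apply, and an active seccomp profile may or may not filter `ptrace(2)`.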