AkihiroSuda
commented
5 years ago @jessfraz @tonistiigi
Closed AkihiroSuda closed 5 years ago
AkihiroSuda
commented
5 years ago @jessfraz @tonistiigi
codecov[bot]
commented
5 years ago Merging #221 into master will not change coverage. The diff coverage is
0%.
@@ Coverage Diff @@
## master #221 +/- ##
=====================================
Coverage 0% 0%
=====================================
Files 14 14
Lines 768 777 +9
=====================================
- Misses 768 777 +9| Impacted Files | Coverage Δ | |
|---|---|---|
| login.go | 0% <0%> (ø) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 2e8ff3a...40ef0d9. Read the comment docs.
AkihiroSuda
commented
5 years ago @jessfraz could you take a look?
jessfraz
commented
5 years ago Thanks!!!
When
/procis not mountable, img now automatically disables process sandbox (PID namespace isolation).Note that this allows build containers to
kill(2)(and potentiallyptrace(2)when seccomp is unavailable) theimgprocess.To run
imgin a Docker container, you no longer need to specify--privileged, but you still need to specify--security-opt seccomp=unconfined --security-opt apparmor=unconfined(which are unconfined on Kubernetes by default).