Open ctalledo opened 1 week ago

Inside a Sysbox container, some devices show up with `nobody:nogroup` ownership. This is not ideal and sometimes causes problems (e.g., issue #839).

Ideally all these devices would show up with `root:root` ownership, as they would on a real host. This likely requires that Sysbox intercept the `mknod` system call inside the container, as otherwise this syscall is blocked within the Sysbox container's user namespace.

Either that, or we run `mknod` in the init namespaces (through sys-mgr) and bind-mount these nodes into each container. I like the idea of intercepting `mknod` though since it offers a better virtual-host abstraction.
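The `nobody:nogroup` ownership described in the issue is what the kernel reports for a file whose on-disk owner has no entry in the container's user-namespace id map: the unmapped id is rendered as the overflow id (`kernel.overflowuid`/`overflowgid`, 65534 by default). The following script is an added example, not code from the Sysbox project; it parses a `uid_map`, predicts which host-owned device nodes will render as overflow-owned, and lists such nodes from inside a namespace. The `/dev` scan and the sample id map are assumptions for illustration.

```python
"""Predict and detect device nodes that render as nobody:nogroup in a user namespace."""
import os
import stat

OVERFLOW_ID = 65534  # kernel default for kernel.overflowuid / kernel.overflowgid ("nobody")


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map or gid_map lines: '<inside> <outside> <count>'."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            entries.append(tuple(int(p) for p in parts))
    return entries


def outside_to_inside(outside_id, id_map, overflow=OVERFLOW_ID):
    """Translate a host (init-namespace) id into the namespace view.

    Ids outside every mapped range are reported by the kernel as the overflow id,
    which is why a root-owned host device node shows up as 'nobody' in the container.
    """
    for inside, outside, count in id_map:
        if outside <= outside_id < outside + count:
            return inside + (outside_id - outside)
    return overflow


def predict_overflow_owned(nodes, uid_map, gid_map, overflow=OVERFLOW_ID):
    """Given (path, host_uid, host_gid) triples, return paths that will render as overflow-owned."""
    return [
        path
        for path, uid, gid in nodes
        if outside_to_inside(uid, uid_map, overflow) == overflow
        or outside_to_inside(gid, gid_map, overflow) == overflow
    ]


def overflow_owned_devices(dev_dir="/dev", overflow=OVERFLOW_ID):
    """From inside a namespace: list char/block device nodes whose owner or group is the overflow id."""
    found = []
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        st = os.lstat(path)
        if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
            if st.st_uid == overflow or st.st_gid == overflow:
                found.append(path)
    return found
```

Run `overflow_owned_devices()` inside a container to enumerate the nodes the issue refers to; run `predict_overflow_owned` on the host with the container's maps to see which nodes need a mapped owner before they can appear as `root:root`.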