Closed cdoern closed 1 year ago
@giuseppe PTAL
Nit:
This will allow for rootless execution
I think in the commit message the following must be extended to specify how a container-runtime
should utilize this field. Two approaches I could think of: either the runtime invokes setdomainname(
or the second one is to write /proc/sys/kernel/domainname
before setting up the UTS namespace, but is it possible in a rootless session? (Requesting maintainers to confirm)
as @flouthoc pointed out, please update the config schema as well
I think using setdomainname makes the most sense. Currently crun uses sethostname for the hostname.
What should happen if the sysctl is also specified but with a different value? Should it fail?
@AkihiroSuda AFAIK, in crun I think sysctl is not allowed at all if the OCI spec already has a knob to configure it; for instance, I can see it for kernel/hostname: https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3198
@opencontainers/runtime-spec-maintainers Can we merge this?
add the domainname entity so that container runtimes can add special handling similar to hostname. The current workaround of adding a sysctl for kernel.domainname only works with rootful execution in most cases. This will allow for rootless execution.
container runtimes will be able to add special handling as they do for hostname, using setdomainname to add the entry to /proc/sys/kernel/domainname.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
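
The thread asks what a runtime should do when the config sets both the new domainname field and a kernel.domainname sysctl. The check below is an added example, not code from this PR or from crun: it assumes one possible policy (reject the sysctl whenever the field is set, in either key spelling) and the Linux 64-byte limit that setdomainname enforces; the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Linux rejects domain names longer than 64 bytes (__NEW_UTS_LEN). */
#define UTS_NAME_MAX 64

enum dn_check { DN_OK = 0, DN_TOO_LONG, DN_SYSCTL_CONFLICT };

/* True if key names the domainname sysctl in dotted or slash form. */
static int is_domainname_sysctl(const char *key)
{
    return strcmp(key, "kernel.domainname") == 0 ||
           strcmp(key, "kernel/domainname") == 0;
}

/*
 * Hypothetical pre-flight check, run before the runtime calls setdomainname.
 * domainname:  value of the config's domainname field, NULL when unset.
 * sysctl_keys: keys of the config's sysctl map (n entries).
 * Assumed policy: once the dedicated field is set, a sysctl for the same
 * kernel value is an error, whatever value it carries.
 */
enum dn_check check_domainname(const char *domainname,
                               const char *const *sysctl_keys, size_t n)
{
    if (domainname == NULL)
        return DN_OK;               /* field unset: sysctls handled as before */
    if (strlen(domainname) > UTS_NAME_MAX)
        return DN_TOO_LONG;         /* setdomainname would fail with EINVAL */
    for (size_t i = 0; i < n; i++)
        if (is_domainname_sysctl(sysctl_keys[i]))
            return DN_SYSCTL_CONFLICT;
    return DN_OK;
}

int main(void)
{
    /* Constructed sample config values. */
    const char *const keys[] = { "net.ipv4.ip_forward", "kernel/domainname" };
    printf("field + sysctl: %d\n", check_domainname("example.test", keys, 2));
    printf("field only:     %d\n", check_domainname("example.test", keys, 1));
    return 0;
}
```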