opencontainers / runtime-spec

OCI Runtime Specification
http://www.opencontainers.org
Apache License 2.0

[Merged] features-linux: Expose idmap information #1219

Closed rata closed 10 months ago

rata commented 10 months ago

High-level container runtimes sometimes need to know if the OCI runtime supports idmap mounts or not, as the OCI runtime silently ignores unknown fields.

This means that if it doesn't support idmap mounts, a container with userns will be started, without idmap mounts, and the files created on the volumes will have a "garbage" owner/group. Furthermore, as the userns mapping is not guaranteed to be stable over time, it will be completely unusable.

Let's expose idmap support in the features subcommand, so high-level container runtimes use the feature safely.


cc @giuseppe @AkihiroSuda
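One way a high-level runtime can act on this, as an added example that is not code from the runtime-spec project or from this PR: parse the runtime's `features` output and treat idmap mounts as available only when the runtime explicitly reports them, so an older runtime that would silently drop the idmap fields is never handed an idmap-mount config. The field path `linux.mountExtensions.idmap.enabled` is assumed here (it follows the layout the spec's features document uses), and the two runtime outputs are constructed samples.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the OCI runtime `features` document we care about. The field
// path linux.mountExtensions.idmap.enabled is assumed for this example;
// every level is a pointer so that "absent" is distinguishable from "false".
type features struct {
	Linux *struct {
		MountExtensions *struct {
			Idmap *struct {
				Enabled *bool `json:"enabled,omitempty"`
			} `json:"idmap,omitempty"`
		} `json:"mountExtensions,omitempty"`
	} `json:"linux,omitempty"`
}

// idmapMountsSupported returns true only when the runtime explicitly reports
// idmap mounts as enabled. A missing section means the runtime predates the
// field (or does not implement it) and is treated as unsupported: such a
// runtime would ignore the idmap fields and start the container with
// unmapped, garbage-owned files on the volumes.
func idmapMountsSupported(featuresJSON []byte) (bool, error) {
	var f features
	if err := json.Unmarshal(featuresJSON, &f); err != nil {
		return false, fmt.Errorf("parsing features output: %w", err)
	}
	if f.Linux == nil || f.Linux.MountExtensions == nil ||
		f.Linux.MountExtensions.Idmap == nil ||
		f.Linux.MountExtensions.Idmap.Enabled == nil {
		return false, nil
	}
	return *f.Linux.MountExtensions.Idmap.Enabled, nil
}

// Constructed sample outputs: a runtime that reports the field, and an older
// one that omits the whole mountExtensions section.
const newRuntime = `{"ociVersionMin":"1.0.0","ociVersionMax":"1.1.0",
 "linux":{"mountExtensions":{"idmap":{"enabled":true}}}}`
const oldRuntime = `{"ociVersionMin":"1.0.0","ociVersionMax":"1.0.2"}`

func main() {
	for name, out := range map[string]string{"new": newRuntime, "old": oldRuntime} {
		ok, err := idmapMountsSupported([]byte(out))
		fmt.Printf("%s runtime: idmap mounts supported=%v err=%v\n", name, ok, err)
	}
}
```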

rata commented 10 months ago

@cyphar All should be solved now, PTAL

AkihiroSuda commented 9 months ago

@cyphar Next time can we use the merge button on the GitHub web UI? On the web UI this PR is marked as "closed" and caused confusion for me.

cyphar commented 9 months ago

Putting "closed" in the merge commit used to not cause issues, it seems GitHub has changed something. I will avoid putting it in the future.

I prefer merging from the CLI because my merge commits are signed that way.