This repository has been archived by the owner on May 12, 2021. It is now read-only.
update privileged container documentation #529
Labels
Comments
bergwolf
added
enhancement
|
/cc @awprice @zhiminghufighting would you like to drive this one? |
Yep I'd be happy to do it. |
|
@awprice Cool, thanks! Please note the moby one is still wip and the cri-o one is not handled yet. Let's start with |
|
@bergwolf Sounds good to me! |
awprice
added a commit
to awprice/kata-documentation
that referenced
this issue
Aug 22, 2019
This commit adds documentation for privileged containers and the mounting of host devices when privileged is used. It has instructions for disabling this functionality when using Containerd and CRI. Fixes kata-containers#529 Signed-off-by: Alex Price <[email protected]>
awprice
added a commit
to awprice/kata-documentation
that referenced
this issue
Aug 22, 2019
This commit adds documentation for privileged containers and the mounting of host devices when privileged is used. It has instructions for disabling this functionality when using Containerd and CRI. Fixes kata-containers#529 Signed-off-by: Alex Price <[email protected]>
awprice
added a commit
to awprice/kata-documentation
that referenced
this issue
Aug 23, 2019
This commit adds documentation for privileged containers and the mounting of host devices when privileged is used. It has instructions for disabling this functionality when using Containerd and CRI. Fixes kata-containers#529 Signed-off-by: Alex Price <[email protected]>
awprice
added a commit
to awprice/kata-documentation
that referenced
this issue
Aug 23, 2019
This commit adds documentation for privileged containers and the mounting of host devices when privileged is used. It has instructions for disabling this functionality when using Containerd and CRI. Fixes kata-containers#529 Signed-off-by: Alex Price <[email protected]>
amshinde
added a commit
to amshinde/documentation
that referenced
this issue
Dec 4, 2019
cri-o now supports running privilged containers without passing devices from the host to the container. Fixes kata-containers#529 Signed-off-by: Archana Shinde <[email protected]>
amshinde
added a commit
to amshinde/documentation
that referenced
this issue
Dec 4, 2019
cri-o now supports running privilged containers without passing devices from the host to the container. Fixes kata-containers#529 Signed-off-by: Archana Shinde <[email protected]>
amshinde
added a commit
to amshinde/documentation
that referenced
this issue
Dec 10, 2019
cri-o now supports running privilged containers without passing devices from the host to the container. Fixes kata-containers#529 Signed-off-by: Archana Shinde <[email protected]>
amshinde
added a commit
to amshinde/documentation
that referenced
this issue
Dec 12, 2019
cri-o now supports running privilged containers without passing devices from the host to the container. Fixes kata-containers#529 Signed-off-by: Archana Shinde <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Which feature do you think can be improved?
With containerd/cri side improvement containerd/cri#1225, and moby side improvement moby/moby#39702, and cri-o side cri-o/cri-o#2708 (which is not handled yet), we should update kata's docs about how privilege container works in kata and how to setup and use the feature properly.
How can it be improved?
Add/update document about kata's privilege container handling.
Namingly, for containerd/cri, we should add
privileged_without_host_devices = trueto containerd's config.toml, something likeor
And for docker, users can use
--security-opt privileged-without-host-devices, something likeThe text was updated successfully, but these errors were encountered: