You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 12, 2021. It is now read-only.
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixeskata-containers#2177
Signed-off-by: Archana Shinde <[email protected]>
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.
Fixeskata-containers#2177
Signed-off-by: Archana Shinde <[email protected]>
(cherry picked from commit f6ffb79)
This includes fix for CVE-2019-19921
3291d66b rootfs: do not permit /proc mounts to non-directories
55f8c254 temporarily disable CRIU tests
5c20ea14 fix merging kata-containers#2177 and kata-containers#2169
8541d9cf Fix race checking for process exit and waiting for exec fifo
52951a7c Fix race in tty integration test with slow startup
8ddd8920 libcontainer: add method to get cgroup config from cgroup
Manager
cd7c59d0 libcontainer: export createCgroupConfig
ec49f98d fs2: support legacy device spec (to pass CI)
88e8350d cgroup2: split fs2 from fs
41a20b58 Expose network interfaces via runc events
48b055c4 Makefile: allow overriding `docker` command
42690e68 Make event types public
faf1e44e cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD
error
ccd4436f .travis.yml: add Fedora 31 vagrant box (for cgroup2)
faf673ee cgroup2: port over eBPF device controller from crun
74a3fe5d cgroup2: do not parse /proc/cgroups
9c81440f cgroup2: allow mounting /sys/fs/cgroup in UserNS without
unsharing CgroupNS
13919f5d Remove the static_build build tag.
dbd771e4 cgroup2: implement `runc ps`
9996cf7d README.md: clarify cgroup2 support is not ready for production
d918e7f4 cpuset_v2: skip Apply when no limit is specified
033936ef io_v2.go: remove blkio v1 code
a610a848 criu: Ensure other users cannot read c/r files
b28f58f3 Set unified mountpoint in find mnt func
f017e0f9 checkpoint: Set descriptors.json file mode to 0600
4be50fe3 SECURITY: Add Security Policy
2111613c VERSION: back to development
28e58a0f Support different field counts of cpuaact.stats
e63b797f Handle ENODEV when accessing the freezer.state file
5e0e67d7 fix permission denied
056909bd Adds note about user ns for rootless containers
Fixeskata-containers#719
Signed-off-by: Archana Shinde <[email protected]>
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
bugIncorrect behaviourneeds-reviewNeeds to be assessed by the team.
We should not be creating cgroups for rootless case. But the current logic in place does not implement this correctly.
The text was updated successfully, but these errors were encountered: