github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #7679 from kinvolk/rata/userns-stateless-pods

Browse Source 
Add support for user namespaces in stateless pods (KEP-127)
This commit is contained in:
Mike Brown
2022-12-29 14:08:24 -06:00
committed by GitHub
parent cfe7ac9956 ca69ae2656
commit 66f186d42d
23 changed files with 909 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/cri/sbserver/container_create_linux.go
View File

@@ -313,7 +313,8 @@ func (c *criService) containerSpec(
specOpts = append(specOpts,
customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj),
customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid),
// TODO: This is a hack to make this compile. We should move userns support to sbserver.
customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, nil, nil),
customopts.WithSupplementalGroups(supplementalGroups),
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
customopts.WithAnnotation(annotations.SandboxID, sandboxID),