9a01272dc2
VM isolated runtimes can support privileged workloads. In this scenario, access to the guest VM is provided instead of the host. Based on this, allow untrusted runtimes to run privileged workloads. If the workload is specifically asking for node PID/IPC/network, etc., then continue to require the trusted runtime. This commit repurposes the hostPrivilegedSandbox utility function to only check for node namespace checking. Fixes: #855 Signed-off-by: Eric Ernst <eric.ernst@intel.com>
22 KiB
22 KiB