Re: [openstack-dev] [containers][nova][cinder] Cinder support in containers and unprivileged container-in-container

2014-06-25 Thread Eric Windisch
I’m reasonably sure that nobody wants to intentionally relax compute host security in order to add this new functionality. Let’s find the right short term and long term approaches. From our discussions, one approach that seemed popular for long-term support was to find a way to gracefully

Re: [openstack-dev] [containers][nova][cinder] Cinder support in containers and unprivileged container-in-container

2014-06-13 Thread Eric Windisch
On Fri, Jun 13, 2014 at 4:09 AM, Daniel P. Berrange berra...@redhat.com wrote: On Thu, Jun 12, 2014 at 09:57:41PM +, Adrian Otto wrote: Containers Team, The nova-docker developers are currently discussing options for implementation for supporting mounting of Cinder volumes in

Re: [openstack-dev] [containers][nova][cinder] Cinder support in containers and unprivileged container-in-container

2014-06-13 Thread James Bottomley
On Fri, 2014-06-13 at 09:09 +0100, Daniel P. Berrange wrote: On Thu, Jun 12, 2014 at 09:57:41PM +, Adrian Otto wrote: Containers Team, The nova-docker developers are currently discussing options for implementation for supporting mounting of Cinder volumes in containers, and

Re: [openstack-dev] [containers][nova][cinder] Cinder support in containers and unprivileged container-in-container

2014-06-13 Thread James Bottomley
On Fri, 2014-06-13 at 17:55 -0400, Eric Windisch wrote: Why would you mount it from within the container? CAP_SYS_ADMIN is a per process property, so you use nsenter to execute the mount in the required mount namespace with CAP_SYS_ADMIN from outside of the container (i.e. the host).
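The host-side nsenter approach described in the message above, written out as an added example (it is not code from the thread or from nova-docker). It assumes a docker-managed container whose /dev is a writable tmpfs, root on the host, and made-up container name, device path and mount point. The point is that mount(2) needs CAP_SYS_ADMIN in the caller's user namespace, and nsenter only switches the mount namespace, so host root's capabilities carry into the container's mount tree while the container's own CapEff stays unchanged:

```shell
#!/bin/sh
# Added example: mount a block device into a running container's mount
# namespace from the host, so the container never needs CAP_SYS_ADMIN.
# Container name, device path and mount point are assumptions.
set -eu

CAP_SYS_ADMIN_BIT=21   # bit number from <linux/capability.h>

# has_cap_sys_admin HEXMASK -> success if bit 21 is set in a CapEff/CapBnd
# value as printed in /proc/PID/status (e.g. "00000000a80425fb").
has_cap_sys_admin() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# cap_eff_of PID -> the CapEff hex mask of a process, read from procfs.
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

# build_nsenter_mount_cmd PID DEVICE MOUNTPOINT -> the command line that runs
# mount(8) inside PID's mount namespace with the caller's (host root's)
# capabilities. Returned as text so it can be logged or reviewed first.
build_nsenter_mount_cmd() {
    printf 'nsenter --target %s --mount -- mount %s %s' "$1" "$2" "$3"
}

# mount_into_container CONTAINER DEVICE MOUNTPOINT
# Resolves the container's init PID via docker inspect, then performs the
# mount from the host side. Must run as root on the host.
mount_into_container() {
    ctr=$1; dev=$2; mnt=$3
    pid=$(docker inspect -f '{{.State.Pid}}' "$ctr")

    # The whole point is to keep CAP_SYS_ADMIN out of the container, so
    # flag it if the container's effective set already has it.
    if has_cap_sys_admin "$(cap_eff_of "$pid")"; then
        echo "warning: container $ctr already runs with CAP_SYS_ADMIN" >&2
    fi

    # After setns() into the mount namespace, paths resolve against the
    # container's rootfs, so the device node and mount point must exist
    # there. Create the node from the host's major/minor (hex from stat).
    maj=$(( 0x$(stat -c %t "$dev") ))
    min=$(( 0x$(stat -c %T "$dev") ))
    nsenter --target "$pid" --mount -- mkdir -p "$mnt"
    nsenter --target "$pid" --mount -- \
        sh -c "[ -b '$dev' ] || mknod '$dev' b $maj $min"

    # The mount itself: executed with host root's capabilities, in the
    # container's mount namespace only.
    echo "running: $(build_nsenter_mount_cmd "$pid" "$dev" "$mnt")" >&2
    nsenter --target "$pid" --mount -- mount "$dev" "$mnt"
}

# Usage: ./cinder-nsenter-mount.sh CONTAINER /dev/sdb /mnt/vol
if [ $# -eq 3 ]; then
    mount_into_container "$1" "$2" "$3"
fi
```

Checking CapEff before and after from inside the container (`grep CapEff /proc/self/status`) shows the mask unchanged, and a `mount` attempted from inside still fails with EPERM; only the host-side nsenter call, which carries root's capabilities, succeeds. The mknod step is a practical caveat the thread does not spell out: with `--mount` alone the device path is looked up in the container's namespace, where the host's /dev entries are normally absent.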

Re: [openstack-dev] [containers][nova][cinder] Cinder support in containers and unprivileged container-in-container

2014-06-12 Thread James Bottomley
On Thu, 2014-06-12 at 21:57 +, Adrian Otto wrote: Containers Team, The nova-docker developers are currently discussing options for implementation for supporting mounting of Cinder volumes in containers, and creation of unprivileged containers-in-containters. Both of these currently