Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-08-07 Thread Dr. David Alan Gilbert
* misono.tomoh...@fujitsu.com (misono.tomoh...@fujitsu.com) wrote: > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > > error > > > > An assertion failure is raised during request processing if > > unshare(CLONE_FS) fails. Implement a p

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-31 Thread Stefan Hajnoczi
> On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > > > >>>> misono.tomoh...@fujitsu.com> wrote: > > > >>>> > > > >>>>>> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and > > print > > > >>> an > >

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-31 Thread Roman Mohr
t 3:13 PM Vivek Goyal > wrote: > > >> > > >>> On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: > > >>>> On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > > >>>> misono.tomoh...@fujitsu.com

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-31 Thread Stefan Hajnoczi
0 at 12:00:20PM +0200, Roman Mohr wrote: > >>>> On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > >>>> misono.tomoh...@fujitsu.com> wrote: > >>>> > >>>>>> Subject: [PATCH v2 3/3] virtiofsd: probe unsh

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-30 Thread Daniel Walsh
3:07 AM misono.tomoh...@fujitsu.com < >>>> misono.tomoh...@fujitsu.com> wrote: >>>> >>>>>> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print >>> an >>>>> error >> Yes they can run as root. I can tell you what

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-29 Thread Stefan Hajnoczi
isono.tomoh...@fujitsu.com> wrote: > > > > > > > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print > > an > > > > error > Yes they can run as root. I can tell you what we plan to do with the > containerized virtiofsd: We run it as part

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-29 Thread Stefan Hajnoczi
om> wrote: > >> > >>>> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > >>> error > >> "Just" pointing docker to a different seccomp.json file is something which > >> k8s users/admin in many cases c

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-29 Thread Roman Mohr
On Tue, Jul 28, 2020 at 3:13 PM Vivek Goyal wrote: > On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: > > On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > > misono.tomoh...@fujitsu.com> wrote: > > > > > > Subject: [PATCH v2

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Vivek Goyal
om> wrote: > >> > >>>> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > >>> error > >>>> An assertion failure is raised during request processing if > >>>> unshare(CLONE_FS) fails. Implement a probe at sta

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Vivek Goyal
misono.tomoh...@fujitsu.com> wrote: > > > > > > > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print > > > > > an > > > > error > > > > > > > > > > An assertion failure is raised during r

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Daniel Walsh
On 7/28/20 11:32, Stefan Hajnoczi wrote: > On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: >> On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < >> misono.tomoh...@fujitsu.com> wrote: >> >>>> Subject: [PATCH v2 3/3] virtiofsd: probe u

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Daniel Walsh
On 7/28/20 09:12, Vivek Goyal wrote: > On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: >> On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < >> misono.tomoh...@fujitsu.com> wrote: >> >>>> Subject: [PATCH v2 3/3] virtiofsd: probe u

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Daniel P . Berrangé
On Tue, Jul 28, 2020 at 09:12:50AM -0400, Vivek Goyal wrote: > On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: > > On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > > misono.tomoh...@fujitsu.com> wrote: > > > > > > Subject:

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Stefan Hajnoczi
On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: > On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > misono.tomoh...@fujitsu.com> wrote: > > > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > > error > > >

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Roman Mohr
On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < misono.tomoh...@fujitsu.com> wrote: > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > error > > > > An assertion failure is raised during request processing if > > unshare(C

Re: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-28 Thread Vivek Goyal
On Tue, Jul 28, 2020 at 12:00:20PM +0200, Roman Mohr wrote: > On Tue, Jul 28, 2020 at 3:07 AM misono.tomoh...@fujitsu.com < > misono.tomoh...@fujitsu.com> wrote: > > > > Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an > > error > > >

RE: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-27 Thread misono.tomoh...@fujitsu.com
> Subject: [PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error > > An assertion failure is raised during request processing if > unshare(CLONE_FS) fails. Implement a probe at startup so the problem can > be detected right away. > > Unfortunately Docker/

[PATCH v2 3/3] virtiofsd: probe unshare(CLONE_FS) and print an error

2020-07-27 Thread Stefan Hajnoczi
An assertion failure is raised during request processing if unshare(CLONE_FS) fails. Implement a probe at startup so the problem can be detected right away. Unfortunately Docker/Moby does not include unshare in the seccomp.json list unless CAP_SYS_ADMIN is given. Other seccomp.json lists always