On Fri, Sep 24, 2021, at 3:24 PM, Vivek Goyal wrote:
> When a new inode is created, send its security context to server along
> with creation request (FUSE_CREAT, FUSE_MKNOD, FUSE_MKDIR and FUSE_SYMLINK).
> This gives server an opportunity to create new file and set security
> context (possibly
On Thu, Sep 29, 2022, at 1:03 PM, Vivek Goyal wrote:
>
> So rust version of virtiofsd, already supports running unprivileged
> (inside a user namespace).
I know, but as I already said, the use case here is running inside an OpenShift
unprivileged pod where *we are already in a container*.
>
On Tue, Sep 27, 2022, at 1:27 PM, German Maglione wrote:
>
>> > Now all the development has moved to rust virtiofsd.
Oh, awesome!! The code there looks great.
> I could work on this for the next major version and see if anything breaks.
> But I prefer to add this as a compilation feature,
On Wed, Sep 28, 2022, at 3:28 PM, Vivek Goyal wrote:
> Sounds reasonable. In fact, we could probably do something similar
> for "landlock" as well.
Thanks for the discussion all! Can someone (vaguely) commit to look into this
in say the next few months? It's not *urgent*, we can live with the
On Thu, Sep 29, 2022, at 10:10 AM, Vivek Goyal wrote:
> What's your use case? How do you plan to use virtiofs?
At the current time, the Kubernetes that we run does not support user
namespaces. We want to do the production builds of our operating system
(Fedora CoreOS and RHEL CoreOS) today