Hi, I am investigating https://bugzilla.redhat.com/show_bug.cgi?id=1336750 and honestly I'm not sure what is the right solution.
Right now we use unshare() for CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC. I can detect if mock is running inside of container and then skip those unshare. But... What if I am running there some application *and* mock. In the same container. That can be risky. However we can just document it and let the user shoot into its own leg. Or we can just document that you need to gave the containter privileges to run unshare(). Or we can just leave it as it is and do not support run inside of container. Any thoughts? -- Miroslav Suchy, RHCA Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys _______________________________________________ buildsys mailing list -- [email protected] To unsubscribe send an email to [email protected]
