Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add proposal to introduce User Capabilities in Kubernetes and CRI. #2285

Open
wants to merge 1 commit into
base: master
from

Conversation

@filbranden
Copy link
Member

commented Jun 19, 2018

To be discussed on SIG Node meeting of 2018-06-19.

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Jun 19, 2018

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: dchen1107

Assign the PR to them by writing /assign @dchen1107 in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@filbranden filbranden force-pushed the filbranden:usercap1 branch from efac407 to a68f031 Jun 19, 2018


This is the most secure setting and should not be too hard to troubleshoot given
the failure scenario is likely to make the container fail quickly with a message
that is likely to point to the lack of specific capabilities.

This comment has been minimized.

Copy link
@justincormack

justincormack Jun 19, 2018

It may be worth noting it will also just fail if the machine is running an older kernel (I can't remember off hand if it fails silently in runc though).

@fejta-bot

This comment has been minimized.

Copy link

commented Sep 17, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@redbaron

This comment has been minimized.

Copy link

commented Sep 18, 2018

/remove-lifecycle stale

@james-callahan

This comment has been minimized.

@fejta-bot

This comment has been minimized.

Copy link

commented Mar 17, 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@james-callahan

This comment has been minimized.

Copy link

commented Mar 27, 2019

/remove-lifecycle stale

What is the current status of this proposal?

@filbranden

This comment has been minimized.

Copy link
Member Author

commented Mar 27, 2019

I haven't had time to push it forward. I'll be away for the next couple of months, so I don't expect to be able to come back to it before that. If anyone would like to pick up from where I left off, feel free to do so. Cheers!

@fejta-bot

This comment has been minimized.

Copy link

commented Jun 25, 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k3a

This comment has been minimized.

Copy link

commented Jun 25, 2019

/remove-lifecycle stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.