Am I correct in reading the code here that when the kata agent is used as init then you pass `no_pivot_root` to the container runtime? This happens because when running from initrd (could you also clarify if this is initramfs or initrd? I am still trying to understand the difference but it seems sometimes the terms are used interchangeably) then `/` is of type `rootfs`.
I'm playing around with running a container runtime from initramfs and was able to get it to work with this comment but I don't fully understand why it is still working. After doing that unshare-mount-chroot dance, I still see `/` as rootfs, but I can successfully run `crun` without `--no-pivot` and see the successful `pivot_root(".", ".")` call in strace. Is this helpful or surprising to you? I think `--no-pivot` isn't recommended for security reasons so I wanted to avoid it, but not sure what kata's stance is.