kata-irc-bot | <itskumaresan> Hello Team, | 06:01 |
---|---|---|
kata-irc-bot | <itskumaresan> Hello Team, Good day to you. The question around Seccomp and Capabilities filtering: Can you help me to understand the list of syscalls or capabilities that are filtered by *default* when using kata-runtime in comparison with other runtimes? Kata: https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/pkg/agent/protocols/grpc/config.json Docker: | 06:10 |
kata-irc-bot | https://github.com/moby/moby/blob/master/profiles/seccomp/default.json Capabilities: https://man7.org/linux/man-pages/man7/capabilities.7.html | 06:10 |
kata-irc-bot | <chongjinheng> Hi all, I'm trying out kata QEMU rootless VMM mode in kata 2.3.2, following this document https://github.com/kata-containers/kata-containers/blob/main/docs/how-to/how-to-run-rootless-vmm.md For context, I'm using kata-deploy to install and creating pods with Kubernetes. I have duplicated a config file at /etc/kata-containers/configuration.toml and changed "rootless = true". I'm running kubectl command as root, and I have added | 14:07 |
kata-irc-bot | the required Kubernetes annotations to the deployment and pod definition. I am able to start a pod with kata runtime; both the QEMU process and the virtiofsd are still running as root processes. May I know how do I set this up correctly? Appreciate your help, thanks! Attached with some screenshots of what I did. | 14:07 |
kata-irc-bot | <feng.wang> hmmm…we have been running the rootless mode without any issue. make sure you’re running kata with the expected configuration. | 22:59 |
kata-irc-bot | <feng.wang> @eric.ernst Any idea? | 23:00 |