[Container-tools] [Devtools] openshift is way too permissive in the CDK/ADB

Daniel J Walsh dwalsh at redhat.com
Thu May 19 14:12:52 UTC 2016


User namespace as you would expect it to work (Container Isolation) 
does not work yet.  User Namespace can be used with docker-1.10, but 
only for protecting the host from the container. All containers would 
run with the same "DockerRoot".


We are working on the ability to run each container with its own range 
of UIDs, but this is a long way from being accepted in upstream docker.


On 05/18/2016 02:46 PM, Hardy Ferentschik wrote:
> Hi,
>
> On Wed, 18-May-2016 07:10, Clayton Coleman wrote:
>> It was a deliberate choice, predicated on other changes coming to
>> Docker (user namespaces) plus the desire to ensure demos run.
>>
>> Ultimately, the CDK is a playground.  Putting up chain link fences
>> around the playground sends the wrong message.
>>
>> I'd prefer to have it easier to go between the levels in the short
>> term than to ratchet it back.
> +1 to all the above.
>
> My understanding was anyways that with the upcoming user namespaces
> things would change and the problem would "go away". Where do things
> stand regarding this feature?
>
> --Hardy
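
Added example, not part of the original thread: a sketch of why one daemon-wide user namespace mapping protects the host but does not isolate containers from each other, using the kernel's `/proc/<pid>/uid_map` row format (inside start, outside start, length). The map values and all function names are constructed for illustration, and the per-container ranges are hypothetical.

```python
"""Translate container UIDs to host UIDs through uid_map rows."""

def parse_uid_map(text):
    """Parse uid_map rows of the form '<inside-start> <outside-start> <length>'."""
    rows = []
    for line in text.strip().splitlines():
        inside, outside, length = (int(field) for field in line.split())
        rows.append((inside, outside, length))
    return rows

def to_host_uid(rows, container_uid):
    """Return the host UID behind a container UID, or None if it is unmapped."""
    for inside, outside, length in rows:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None

def host_ranges(rows):
    """Half-open host UID intervals covered by a map."""
    return [(outside, outside + length) for _, outside, length in rows]

def ranges_overlap(rows_a, rows_b):
    """True if two containers can resolve to any common host UID."""
    return any(a0 < b1 and b0 < a1
               for a0, a1 in host_ranges(rows_a)
               for b0, b1 in host_ranges(rows_b))

# Constructed sample maps (illustrative values, not taken from the thread).
# One daemon-wide remap: every container sees the same row.
SHARED_A = parse_uid_map("0 100000 65536")
SHARED_B = parse_uid_map("0 100000 65536")
# Hypothetical per-container ranges, the model described as still in progress.
SEPARATE_A = parse_uid_map("0 100000 65536")
SEPARATE_B = parse_uid_map("0 165536 65536")

def report():
    """Summarise host-side identity of container root under both models."""
    return {
        "shared_root_a": to_host_uid(SHARED_A, 0),    # not host UID 0
        "shared_root_b": to_host_uid(SHARED_B, 0),    # same host UID as A
        "shared_overlap": ranges_overlap(SHARED_A, SHARED_B),
        "separate_root_b": to_host_uid(SEPARATE_B, 0),
        "separate_overlap": ranges_overlap(SEPARATE_A, SEPARATE_B),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

With the shared map, root in both containers resolves to the same unprivileged host UID, so host file permissions cannot tell the two containers apart; with disjoint ranges they can.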
