alexperevalov

I would like to raise and interface issue here, which related to idmapped mounts. Since we can have shared volumes, e.g. a directory mounted from host fs. Here idmap mount...

> @rata > > This would (in theory) be useful for Kubernetes because Kubernetes knows what volumes are used by what containers, and having ID mapped mounts would allow Kubernetes...

> I think it is not trivial to use id mapped mounts for volumes, as we need to know if the filesystems support id mapped mounts. If we just focus...

> The reason we didn't support this from the outset is that some of the bits during container setup where you have to configure the namespaces won't really work if...

This PR depends on golang's x/sys library modifications: https://go-review.googlesource.com/c/sys/+/397095 https://go-review.googlesource.com/c/sys/+/397094 and depends on https://github.com/opencontainers/runtime-spec/pull/1143. Patches for x/sys are merged, just need to wait for appropriate version release of lib. runtime-spec...

runtime-spec changes are not yet tagged, latest tag is v1.0.2 the same with x/sys golang lib, not yet published

in centos-stream-9 two tests are failed: TestUsernsCheckpoint TestCheckpoint Tests related to checkpoint restore failed due to segfault in criu, I reproduced it on Centos Stream 8 (I don't have Stream...

Still draft since Ambient field appeared in cri-api 0.24, but current available version is still cri-api version is 0.24.0-alpha.3. According to https://github.com/kubernetes/sig-release/tree/master/releases/release-1.24 release is planned to 19th of April.

/ok-to-test

I don't have idea why https://github.com/Microsoft/hcsshim stop building