
Runtime environments allowing to run as root could provide more capabilities to the containers

Open mpiraux opened this issue 3 years ago • 2 comments

Is your feature request related to a problem? Please describe.
Kata runtime could give more privilege to the root user in the Docker container. Running IPMininet in a Docker container requires the ability to manipulate network namespaces.

Describe the solution you'd like
When the runtime allows running as root, pass --cap_add=ALL to the container. Do this here: https://github.com/UCL-INGI/INGInious/blob/145fc847f751ecbf1c8b52858c3a2a3e47b52670/inginious/agent/docker_agent/_docker_interface.py#L137

Describe alternatives you've considered
Changing the use of Kata+Docker for virtme or something else

mpiraux, Apr 18 '23 11:04

If this create_container function gets passed the run_as_root argument in some form, then it would be able to add the capabilities just for these runtime environments.

mpiraux, Apr 18 '23 11:04
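The gating described in the comment above, as an added example that is not part of the issue or of INGInious: a hypothetical helper that adds capabilities only for runtimes flagged `run_as_root`, and lets the caller pass a narrower list than `ALL`. The `Runtime` class, `container_options` and the sample runtime names are assumptions; the `runtime` and `cap_add` keys follow the keyword names of the Docker SDK for Python.

```python
import re
from dataclasses import dataclass

_CAP_NAME = re.compile(r"[A-Z][A-Z_]*")


@dataclass(frozen=True)
class Runtime:
    """Hypothetical description of a runtime environment."""
    name: str          # passed to Docker as the runtime name
    run_as_root: bool  # True when the runtime allows running as root


def _normalise(cap: str) -> str:
    """Upper-case a capability name and drop an optional CAP_ prefix."""
    cap = cap.strip().upper()
    if cap.startswith("CAP_"):
        cap = cap[4:]
    if not _CAP_NAME.fullmatch(cap):
        raise ValueError(f"not a capability name: {cap!r}")
    return cap


def container_options(runtime: Runtime, requested_caps=("ALL",)) -> dict:
    """Build keyword arguments in the style of docker-py's containers.create().

    Capabilities are added only for runtimes flagged run_as_root; every other
    runtime keeps Docker's default capability set.
    """
    opts = {"runtime": runtime.name}
    if not runtime.run_as_root:
        return opts
    caps = sorted({_normalise(c) for c in requested_caps})
    if "ALL" in caps:
        caps = ["ALL"]  # ALL subsumes any other entry
    if caps:
        opts["cap_add"] = caps
    return opts


# Constructed sample runtimes, not taken from an INGInious configuration.
KATA = Runtime("kata-runtime", run_as_root=True)
RUNC = Runtime("runc", run_as_root=False)

if __name__ == "__main__":
    print(container_options(KATA))
    print(container_options(KATA, ["cap_net_admin", "SYS_ADMIN"]))
    print(container_options(RUNC))
```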

There is an issue with --privileged in Kata v1 which has not been fixed for Docker. Mainly, the host tries to mount devices into the VM and the container, which I don't need but which prevents starting the container. --privileged is required to modify sysctls, which are used by IPMininet. It seems that keeping Kata v1 does not allow moving forward on this issue.

mpiraux, Apr 19 '23 13:04