Fabricio Voznika

Correct, you can configure a second runtime with docker/K8s and use it for the container you need socket access. You could also set OCI annotations to set flags to individual...

@kevinGC, `SendQueuedReportsLocked()` comment states that `g.protocolMU` must be locked. However, it's not being locked in the stack above. Did I miss anything?

`containerd` has updated its configuration format (once again). Minikube breaks because the plugin is trying to use the old format. Let me do a quick fix for now...we'll need a...

`/dev/video0` is a character device and currently cannot be handled by the gofer (file system proxy). File types supported are listed here: [fsgofer.go:checkSupportedFileType()](https://cs.opensource.google/gvisor/gvisor/+/master:runsc/fsgofer/fsgofer.go;l=332;drc=d7dbf65873e2e05723ea23fbfa414742342456e9). Character devices are not supported because they...

> Can you pls let me know if streaming data from outside into sentry sandbox is not recommended? Yes, this seems like a great use case for gVisor! The give...

What does `stat /dev/video0` return?

The error indicates that the file type is not being accepted: ``` unknown error: unable to create localFile "/dev/video1": operation not permitted ``` And if the file is indeed `character...

This is different from the original problem reported. In this case, ffmpeg is creating a regular file and the container is racing with ffmpeg to read the file. `cat` gets...

@jeyaprabhuj-tts, the example you gave above `ffmpeg -re -i sample.mp4 -map 0:v -f v4l2 /dev/video0` creates a regular file which is susceptible to the race I described. Both `runsc` and...

I think I found the problem. We were not waiting on the host FD for character files. I've updated the PR, please give it another try.