af0a494251
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well. Also, this PR is re-vendoring runtime-tools to fix capabilities add to add caps to _all_ caps set **and** fix a shared memory issue (caps set were initialized with the same slice, if one modifies one slice, it's reflected on the other slices, the vendoring fixes this as well) Signed-off-by: Antonio Murdaca <runcom@redhat.com> |
||
|---|---|---|
| .. | ||
| apparmor_test_deny_write | ||
| container_config.json | ||
| container_config_by_imageid.json | ||
| container_config_hostport.json | ||
| container_config_logging.json | ||
| container_config_resolvconf.json | ||
| container_config_resolvconf_ro.json | ||
| container_config_seccomp.json | ||
| container_exit_test.json | ||
| container_redis.json | ||
| container_redis_device.json | ||
| fake_ocid_default | ||
| README.md | ||
| sandbox_config.json | ||
| sandbox_config_hostnet.json | ||
| sandbox_config_hostport.json | ||
| sandbox_config_seccomp.json | ||
In terminal 1:
sudo ./crio
In terminal 2:
sudo ./crioctl runtimeversion
sudo rm -rf /var/lib/containers/storage/sandboxes/podsandbox1
sudo ./crioctl pod run --config testdata/sandbox_config.json
sudo rm -rf /var/lib/containers/storage/containers/container1
sudo ./crioctl container create --pod podsandbox1 --config testdata/container_config.json