Akihiro Suda
c54f4a986d
support --oci-worker-no-process-sandbox
...
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-08 10:42:52 +09:00
Akihiro Suda
b5003d53eb
update docs
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-11-01 16:17:26 +09:00
Akihiro Suda
048130d1d0
simplify rootless
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-16 14:05:58 +09:00
Akihiro Suda
eebb7428f5
rootless: update docs/rootless.md
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-04 19:27:54 +09:00
Akihiro Suda
18ac6e2d9a
test.Dockerfile: new target: "rootless"
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-04 23:17:03 +09:00
Akihiro Suda
c9c0603847
fix rootless docs
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-01 13:04:55 +09:00
Akihiro Suda
adef0dedef
oci-worker: experimental support for rootless mode
...
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-31 16:05:13 +09:00