[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] Proposing moving https://github.com/stefwalter/oci-kvm-hook into projectatomic

From: Daniel Walsh <dwalsh redhat com>
To: Colin Walters <walters verbum org>, atomic-devel projectatomic io
Subject: Re: [atomic-devel] Proposing moving https://github.com/stefwalter/oci-kvm-hook into projectatomic
Date: Fri, 16 Feb 2018 14:35:46 -0500

On 02/16/2018 02:33 PM, Colin Walters wrote:

On Fri, Feb 16, 2018, at 2:29 PM, Daniel Walsh wrote:

Does this actually work?

Yes =)   For example it broke and we fixed it e.g.:
https://github.com/stefwalter/oci-kvm-hook/pull/4

I would figure the device cgroup would prevent
use of the kvm device inside a container unless you also modified the
cgroup?


podman run --device /dev/kvm

I guess the thing is personally, I see it as quite safe to expose
the KVM device nowadays, and having to annotate containers
explicitly for it is annoying, particularly in the Kube/OpenShift
case.  That said the linked thread above contains a proposal
for the Kube equivalent of this.

Finally we have a different way of handling this in CRI-O and Podman,but I will open an issue when this gets moved. There is a new configfile to allow us to only use the hook if necessary.

References:
- [atomic-devel] Proposing moving https://github.com/stefwalter/oci-kvm-hook into projectatomic
  - From: Colin Walters
- Re: [atomic-devel] Proposing moving https://github.com/stefwalter/oci-kvm-hook into projectatomic
  - From: Daniel Walsh
- Re: [atomic-devel] Proposing moving https://github.com/stefwalter/oci-kvm-hook into projectatomic
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]