nyrikki 6 hours ago
Unfortunately even podman etc. are still limited by OCI's decision to copy the Docker model. Crun just stamp couples security profiles as an example, so everything in the shared kernel that is namespace incompatible is enabled. This is why it is trivial to get unauditable communication between pods on a host etc…
ragall 3 hours ago
> Unfortunately even podman etc. are still limited by OCI's decision to copy the Docker model.

Which parts of the model are you referring to?
oblio 2 hours ago
> Crun just stamp couples security profiles

I don't understand any of this :-)