curt15 5 hours ago

> 'then we'll just ship your machine production'

Minus the kernel of course. What is one to do for workloads requiring special kernel features or modules?

avsm 5 hours ago

Those are global to the machine; generally not an issue and seccomp rules can filter out undesirable syscalls to other containers. But GPU kernel/userspace driver matching has been a huge headache; see https://cacm.acm.org/research/a-decade-of-docker-containers/... in the article for how the CDI is (sort of) helping standardise this.