Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: What happens if user decide to run stalld in the QM partition? (Not in the main partition) #428

Open
dougsland opened this issue May 6, 2024 · 0 comments
Assignees
Labels
documentation Improvements or additions to documentation jira

Comments

@dougsland
Copy link
Collaborator

Let's write a document explaining what happens (with example what really happens when trying to run it) and why we do not allow it.

Some context for the document:

sched_setattr() is the syscall that the service stalld uses behind the scenes. The QM container/partition won't allow to use it via namespaces (seccomp), so if a program try to use it (calling the system call) won't work, it will be blocked. However, if the sysadmin decide to run stalld in the main partition (let's assume in the Host machine, not in the QM partition which is a running container inside the host) it will work and can even read the files under the QM partition (/usr/lib/qm/rootfs). 

You might ask, why we did that? We followed the Risk Assessment team requests.
See-Also:
seccomp: The use of SCHED_DEADLINE inside QM is not supported
https://github.com/containers/qm/issues/375
@dougsland dougsland added documentation Improvements or additions to documentation jira labels May 6, 2024
@dougsland dougsland self-assigned this May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation jira
Projects
None yet
Development

No branches or pull requests

1 participant