Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / e337e938ae8e08dffa3a01045571188413ce70ff
commite337e938ae8e08dffa3a01045571188413ce70ff[log] [tgz]
authorTim Windelschmidt <tim@monogon.tech>Sun Sep 15 20:14:39 2024 +0200
committerTim Windelschmidt <tim@monogon.tech>Wed Sep 18 22:27:59 2024 +0000
treef82fa1f5722c3eae99506510056fb6a5ce736309
parent7a1b27df41a9729dd9669cdaabd6864afc5e85b7 [diff]
m/n/k/containerd: set device ownership based on security context

When a user deploys a pod with a kvm device it is owned by root. By
setting device_ownership_from_security_context to true, containerd
will chown these devices to the uid/gid set in the securityContext.
For more informations see
https://kubernetes.io/blog/2021/11/09/non-root-containers-and-devices/

Change-Id: I1a0285dfc560c3c662d5e2eb8e37e68d87408b83
Reviewed-on: https://review.monogon.dev/c/monogon/+/3428
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
1 file changed
tree: f82fa1f5722c3eae99506510056fb6a5ce736309
  1. .github/
  2. build/
  3. cloud/
  4. go/
  5. intellij/
  6. metropolis/
  7. osbase/
  8. third_party/
  9. tools/
  10. version/
  11. .bazelignore
  12. .bazelproject
  13. .bazelrc
  14. .bazelrc.ci
  15. .bazelrc.sandboxroot
  16. .bazelversion
  17. .git-ignore-revs
  18. .gitignore
  19. BUILD.bazel
  20. CODING_STANDARDS.md
  21. go.mod
  22. go.sum
  23. LICENSE
  24. MODULE.bazel
  25. MODULE.bazel.lock
  26. README.md
  27. SETUP.md
  28. shell.nix
  29. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later! In the meantime, join us on Matrix (#monogon-os-community:matrix.org) or Discord.

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0 (or a working Nix environment).
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

The source code lives in //metropolis (Metropolis is the codename of Monogon OS).

See the //metropolis/README.md for a developer quick start guide, or see the Monogon OS Handbook for user documentation.