Hacker News

nyrikki yesterday at 3:15 PM (2 replies)

Unfortunately even podman etc. are still limited by OCI's decision to copy the Docker model.

Crun just stamp couples security profiles as an example, so everything in the shared kernel that is namespace incompatible is enabled.

This is why it is trivial to get unauditable communication between pods on a host etc…


Replies

ragall yesterday at 6:12 PM

> Unfortunately even podman etc. are still limited by OCI's decision to copy the Docker model.

Which parts of the model are you referring to?

oblio yesterday at 7:14 PM

> Crun just stamp couples security profiles

I don't understand any of this :-)