util-linux support #5041
Comments
I'm not sure I fully understand the issue. CNI runs in fact on the host, it doesn't need If I don't think we really want to ship
Does the reply here make some sense linkerd/linkerd2#7945 (comment) possibly as to why CNIs like Linkerd require this? Without something like this it looks like Talos wouldn't support Linkerd as a CNI?
I think we should avoid including This whole CNI story is certainly a security mess in general (not only Linkerd, but any CNI): dropping random binaries on the host, running them with basically root privileges. With Talos what one can do is to bundle CNI binaries and anything else which is required as a system extension, and install that as needed. This should allow to keep root filesystem read-only.
Feature Request
Include nsenter as a host program.

Description
In some cases some programs like CNI require nsenter to be on the host to operate.

Notes
Related: