On Thu, Jun 3, 2021 at 2:18 AM Marc <Marc@xxxxxxxxxxxxxxxxx> wrote: > Not using cephadm, I would also question other things like: > > - If it uses docker and docker daemon fails what happens to you containers? This is an obnoxious feature of docker; podman does not have this problem. > - I assume the ceph-osd containers need linux capability sysadmin. So if you have to allow this via your OC, all your tasks have potentially access to this permission. (That is why I chose not to allow the OC access to it) The --privileged flag and other caps are only passed on an as-needed basis, based on the daemon (each daemon runs in its own container). (There is only one container image, though.) sage _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |