On Sat, Apr 22, 2023 at 10:48 AM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Sat, Apr 22, 2023 at 10:13:31AM -0400, David Michael wrote: > > > Would it be possible to add a warning to this effect? Without any form > > > of sandboxing Firecracker is not suitable for production use. > > Where would such a warning be placed? The sandboxing is done by a > > standalone program[0] which is not built in the package, so it should > > be clear that it isn't available. > > Silly question: would it make any sense at all to use _podman_ as a > replacement for firecracker's jailer? That would certainly be convenient and support use cases like with krun, but I'd need to do more research around producing a compatible podman runtime. I've seen a few container runtime integration projects for Firecracker, some abandoned. Maybe pursuing the Kata runtime would be the best fit for Fedora since it's already packaged? (Although I see Kata still wants Firecracker's jailer program, and I don't know if it's optional or not.) Thanks. David _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
