mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 02:32:26 +00:00
566bb306f1
Specify runAsUser, runAsGroup, supplementalGroups values embedded in the image's /etc/group file explicitly in the security context. With this, both genpolicy and containerd, which in case of using nydus guest-pull, lack image introspection capabilities, use the same values for user/group/additionalG IDs at policy generation time and at runtime when the OCI spec is passed. Signed-off-by: Manuel Huber <manuelh@nvidia.com>