github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-10-22 20:39:41 +00:00
Code Issues Projects Releases Wiki Activity
Files
6ff78373cfe34550f763d597e5b948a0850431ad
kata-containers/docs/how-to
History
Aurélien Bombo 6ff78373cf docs: Document privileged_without_host_devices=false as unsupported 
Document that privileged containers with
privileged_without_host_devices=false are not generally supported.

When you try the above, the runtime will pass all the host devices to Kata
in the OCI spec, and Kata will fail to create the container for various
reasons depending on the setup, e.g.:

 - Attempting to hotplug uninitialized loop devices.
 - Attempting to remount /dev devices on themselves when the agent had
   already created them as default devices (e.g. /dev/full).
 - "Conflicting device updates" errors.
 - And more...

privileged_without_host_devices was originally created to support
Kata [1][2] and lots of people are having issues when it's set to
false [3].

[1] https://github.com/kata-containers/runtime/issues/1568
[2] https://github.com/containerd/cri/pull/1225
[3] https://github.com/kata-containers/kata-containers/issues?q=is%3Aissue%20%20in%3Atitle%20privileged

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-10-02 15:21:19 -05:00
..
data
images
containerd-kata.md
docs: Update runtime v2 containerd url information
2024-07-15 20:36:17 +00:00
how-to-hotplug-memory-arm64.md
how-to-import-kata-logs-with-fluentd.md
how-to-load-kernel-modules-with-kata.md
how-to-pull-images-in-guest-with-kata.md
docs: add content about how to pull large image
2024-08-15 13:55:22 +08:00
how-to-run-docker-with-kata.md
how-to-run-kata-containers-with-kinds-of-Block-Volumes.md
how-to-run-kata-containers-with-SE-VMs.md
kata-deploy: tools: tests: Use zstd instead of xz
2025-08-21 19:53:55 +02:00
how-to-run-kata-containers-with-SNP-VMs.md
docs: updated build and host setup instructions for SNP
2025-01-28 18:09:40 -06:00
how-to-run-rootless-vmm.md
how-to-set-prometheus-in-k8s.md
how-to-set-sandbox-config-kata.md
runtime: add option to force guest pull
2025-05-27 12:42:00 +02:00
how-to-setup-swap-devices-in-guest-kernel.md
docs: Add how-to-use-memory-agent.md to howto
2025-04-02 17:45:59 +08:00
how-to-use-erofs-build-rootfs.md
how-to-use-k8s-with-containerd-and-kata.md
how-to-use-kata-containers-with-firecracker.md
how-to-use-memory-agent.md
docs: Add how-to-use-memory-agent.md to howto
2025-04-02 17:45:59 +08:00
how-to-use-sysctls-with-kata.md
how-to-use-the-kata-agent-policy.md
CI: Keep base64 output is a single line
2025-09-23 11:58:53 +08:00
how-to-use-virtio-fs-nydus-with-kata.md
how-to-use-virtio-fs-with-kata.md
how-to-use-virtio-mem-with-kata.md
offline_cpu.sh
acrn: Drop support
2024-09-19 16:05:43 +02:00
privileged.md
docs: Document privileged_without_host_devices=false as unsupported
2025-10-02 15:21:19 -05:00
README.md
docs: Add how-to-use-memory-agent.md to howto
2025-04-02 17:45:59 +08:00
run-kata-with-crictl.md
run-kata-with-k8s.md
service-mesh.md
what-is-vm-cache-and-how-do-I-use-it.md
what-is-vm-templating-and-how-do-I-use-it.md

README.md

Howto Guides

Kubernetes Integration

Hypervisors Integration

Currently supported hypervisors with Kata Containers include:

  • qemu

  • cloud-hypervisor

  • firecracker

    In the case of firecracker the use of a block device snapshotter is needed for the VM rootfs. Refer to the following guide for additional configuration steps:

Confidential Containers Policy

Advanced Topics