Document how cgroups are done today and what is expected
for the upcoming SandboxCgroupOnly option.
Prior cgroup documentation are no longer accurate. Removing the cgroup
discussion from the cpu sizing discussion. Updating the
cpu-constraints.md file name to reflect this.
Fixes: #542
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This commit adds documentation for privileged containers and the mounting of host devices
when privileged is used. It has instructions for disabling this functionality when using
Containerd and CRI.
Fixes#529
Signed-off-by: Alex Price <aprice@atlassian.com>
Let's keep all design documents in the same logical location. Updating
the file to be called 'cpu-constraints', though we may want to expand to
resource constraints going forward.
Fixes: #417
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Kata does support privileged flag but within the guest,
so explain how this works in the Limitations docs.
Fixes#362
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Remove the `network connect` limitation from `Limitations.md` as the limitation has been removed.
Fixes#287.
Signed-off-by: Ayoub Bousselmi <abousselmi@users.noreply.github.com>
Remove the `ps` limitation from `Limitations.md` as the limitation has been removed.
Fixes#342.
Signed-off-by: Ayoub Bousselmi <abousselmi@users.noreply.github.com>
We do not currently support enablement of `selinux` in the
dockerd config. Document that.
Fixes: #252
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
We have new CPU constraints docs, now in this repo. Update the
Limitations document to reflect that.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
cli events is now partly supported.It returns
the stats of a certain container.
OOM notification and Intel RDT stats are not supproted
as what runc does
Fixes: #103
Signed-off-by: Haomin <caihaomin@huawei.com>
