[TechDebt] ceph-osd use host pid namespace
Bug #1647011 reported by
Sam Yaple
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Expired
|
Undecided
|
Unassigned |
Bug Description
With Docker 1.12, ceph-osd no long need to use host pid namespaces. They can now share namespaces with each other. This would be considered a security fix to a degree. Currently ceph-osd containers can see all the pids in all the other containers.
This is really should have been a tech-debt bug from the start, but instead we will file it now.
To post a comment you must log in.
This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.
If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
Only still supported release names are valid (OCATA, PIKE, QUEENS, ROCKY, ROCKY).
Valid example: CONFIRMED FOR: OCATA