What is the problem you're trying to solve
containerd is often running as root and tends to have multiple Linux capabilities for issuing privileged syscalls such as mount(2). We could extract some parts of containerd to less-privileged subprocesses (like shims) to handle less-trusted inputs such as container images.
Describe the solution you'd like
Define areas where we'd like to reduce privileges/capabilities and extract them into subprocesses (either forking containerd and dropping permissions, or having a special-purpose executable).
Additional context
No response
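As an added illustration of the privilege-separation shape proposed above (this is example code, not containerd's own code nor anything the issue author wrote): the privileged parent hands untrusted bytes to a worker over stdin, switches the worker to an unprivileged uid/gid with no ambient capabilities, and refuses to be hung or flooded by it. Everything here is an assumption for the sketch: the `WORKER_MODE` re-exec flag, uid/gid 65534 as "nobody", the manifest-like JSON and its layer-count result, and the helper names. The `syscall.SysProcAttr` fields used are Linux-specific.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"os/exec"
	"syscall"
	"time"
)

// WorkerSpec describes how the privileged parent launches a less-privileged worker.
type WorkerSpec struct {
	Path           string        // helper executable; main() below re-execs itself
	Args           []string
	Env            []string      // explicit, minimal environment for the worker
	UID, GID       uint32        // unprivileged identity to switch to (assumed: 65534 = nobody)
	DropPrivileges bool          // set when the parent is root and can actually setuid
	Timeout        time.Duration // kill the worker if it runs longer than this
	MaxOut         int64         // refuse more than this many bytes of worker output
}

// unprivilegedAttrs strips privileges from the child: setgid/setuid to the given
// identity (setgroups is still called, clearing supplementary groups), no ambient
// capabilities, and its own process group so the parent can kill it cleanly.
// Needs CAP_SETUID/CAP_SETGID in the parent; setuid away from root also clears
// the child's capability sets.
func unprivilegedAttrs(uid, gid uint32) *syscall.SysProcAttr {
	return &syscall.SysProcAttr{
		Credential:  &syscall.Credential{Uid: uid, Gid: gid},
		AmbientCaps: nil,
		Setpgid:     true,
	}
}

// buildCommand wires the worker: untrusted bytes in on stdin, result out on
// stdout, nothing else inherited (explicit env, cwd "/").
func buildCommand(ctx context.Context, spec WorkerSpec) *exec.Cmd {
	cmd := exec.CommandContext(ctx, spec.Path, spec.Args...)
	cmd.Env = append([]string{"PATH=/usr/bin:/bin"}, spec.Env...)
	cmd.Dir = "/"
	if spec.DropPrivileges {
		cmd.SysProcAttr = unprivilegedAttrs(spec.UID, spec.GID)
	}
	return cmd
}

// RunWorker feeds input to the worker and returns at most spec.MaxOut bytes of
// its stdout. It fails closed on timeout, non-zero exit, or oversized output.
func RunWorker(spec WorkerSpec, input []byte) ([]byte, error) {
	ctx, cancel := context.WithTimeout(context.Background(), spec.Timeout)
	defer cancel()
	cmd := buildCommand(ctx, spec)
	cmd.Stdin = bytes.NewReader(input)
	var stderr bytes.Buffer
	cmd.Stderr = &stderr
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		return nil, err
	}
	if err := cmd.Start(); err != nil {
		return nil, fmt.Errorf("start worker: %w", err)
	}
	// Read one byte past the cap so an over-limit worker is detected and killed.
	out, _ := io.ReadAll(io.LimitReader(stdout, spec.MaxOut+1))
	if int64(len(out)) > spec.MaxOut {
		_ = cmd.Process.Kill()
		_ = cmd.Wait()
		return nil, fmt.Errorf("worker output exceeded %d bytes", spec.MaxOut)
	}
	if err := cmd.Wait(); err != nil {
		if ctx.Err() == context.DeadlineExceeded {
			return nil, fmt.Errorf("worker timed out after %s", spec.Timeout)
		}
		return nil, fmt.Errorf("worker failed: %w (stderr: %q)", err, stderr.String())
	}
	return out, nil
}

// workerMain is the unprivileged side: parse a manifest-like blob from stdin and
// report its layer count. A parser bug here runs without root or capabilities.
func workerMain() {
	var m struct {
		Layers []struct{ Digest string `json:"digest"` } `json:"layers"`
	}
	if err := json.NewDecoder(os.Stdin).Decode(&m); err != nil {
		fmt.Fprintln(os.Stderr, "bad manifest:", err)
		os.Exit(1)
	}
	fmt.Print(len(m.Layers))
}

func main() {
	if os.Getenv("WORKER_MODE") == "1" {
		workerMain()
		return
	}
	self, err := os.Executable()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Constructed sample of untrusted input (hypothetical manifest format).
	manifest := []byte(`{"schemaVersion":2,"layers":[{"digest":"sha256:aaa"},{"digest":"sha256:bbb"}]}`)
	spec := WorkerSpec{Path: self, Env: []string{"WORKER_MODE=1"}, UID: 65534, GID: 65534,
		DropPrivileges: os.Geteuid() == 0, Timeout: 5 * time.Second, MaxOut: 4096}
	out, err := RunWorker(spec, manifest)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("worker reported %s layers\n", out)
}
```

Run as root it re-executes itself as uid 65534 to parse the blob; run unprivileged it still isolates the parser in a separate process but cannot change identity, which is why `DropPrivileges` is derived from the effective uid rather than assumed. The same spec shape works for a special-purpose helper binary by pointing `Path` at it instead of the parent executable.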