You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: keps/sig-windows/1981-windows-privileged-container-support/README.md
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -327,7 +327,7 @@ Additionally, privileged containers may impact other pod security policies (PSPs
327
327
</td>
328
328
<td>no
329
329
</td>
330
-
<td>Windows does not have configurable PID/IPC namespaces (unlike Linux). Job objects run in the host 'silo' and will have access to other other host processes. Because on Windows this setting is per-container instead of being Pod-wide and also because future plans include the improvements to schedule pods container both normal and 'privileged'/HostProcesscontainers in the same Pod we will not enforce setting this pod security flag for HostProcess containers.
330
+
<td>Windows does not have configurable PID/IPC namespaces (unlike Linux). Windows containers are always assigned their own process namespace. Job objects always run in the host's process namespace. These behaviors are not configurable. Future plans in this area include improvements to enable scheduling pods that can contain both normal and HostProcess/Job Object containers. These fields would not makes in this scenario because Windows cannot configure PID/IPC namespaces like in Linux.
0 commit comments