Make nsenter in reboot command optional #896
Comments
|
But this only would work, if you can use binaries which are already inside the kured-image right? So maybe you use a custom-image? |
Yes, for the use cases I've listed
I think it should be fairly small change that won't break any thing. Mainly need it for the reduced privileges as I can't use the new reboot signal methods since I need to run a small shell script in the command before hand. |
|
Main driver for this is mostly I needed a mechanism to trigger shutdowns as well as reboot. I could open up a separate issue for it I suppose, not sure if there would be enough interest in supporting shutdown on a reboot daemon. Though this could be a smaller change to go in. |
|
Thanks for the explanations. Yes, both binaries are already present. For the path-based method we could just create a file with go-code at a configurable, mounted location. Shutdowns are not directly in scope of kured, I think. |
|
Happy to open up a PR for this if you think this change could go into Kured. |
|
Raised a PR here if interested https://github.com/kubereboot/kured/pull/899/files
Saw this comment while making this. Could be another use case to support changing the PID as a configuration for rancher. |
|
@ckotzbauer Gentle bump for this thread |
|
Thanks for the hint, I did a review. |
Following #814 which added signal based reboot we could reduce the privilege of the kured pods. With this we could also look into reducing the privileges for the reboot command method which currently is limited by the need to enter the host namespace.
If
nsenterwas made optional or configurable, this allows a lot more flexibility in setting up reboot methods that are more secure. We can imitate signal reboot by sending signals as a command through/bin/kill. This can also indirectly solve #868 as we could also make the reboot command touch a reboot file.The text was updated successfully, but these errors were encountered: