Thank you,

although I'm in a different use-case, sorry for not being able to explain myself: Kata does support privileged containers (https://github.com/kata-containers/kata-containers/blob/main/docs/how-to/privileged.md), but I don't want to use them.

AFAIK Zun can use a stock Docker install with Kata Containers as an optional step (https://docs.openstack.org/zun/2023.2/install/compute-install.html#enable-kata-containers-optional), but there is no mention of using Zun together with Docker rootless (https://docs.docker.com/engine/security/rootless/) or Zun + Docker Rootless + Kata Containers. Maybe I should start with an ordinary Docker install with Kata and then test if it is possible to switch to rootless?

Best regards

Francesco Di Nucci

Hi,

Zun allows running privileged containers but I am not sure if Kata supports privileged flag. You might want to consult the Kata community about that.

Best regards,

Hongbin

On Wed, Mar 13, 2024 at 4:41 PM Francesco Di Nucci <francesco.dinucci@na.infn.it> wrote:

Hello,

I am working on a 2023.2 instance to install Zun. While we're still in
the design phase, I was wondering if it is possible to run Docker as a
non-root user together with Kata Containers for enhanced security. Has
anyone tried this solution?

Regards

Francesco Di Nucci