[tracking issue] deprecation of insecure --no-pivot flag #4435
Description
With #4434, our pivot_root(2) code now works for the primary usecase for --no-pivot and so --no-pivot is now deprecated unless we find some new usecases that were not apparent before. pivot_root(2) is far more secure than chroot(2) (even with the hardenings we've added over the years).
Known users of --no-pivot:
- Kata Containers -- https://github.com/kata-containers/kata-containers/blob/3.9.0/src/agent/src/sandbox.rs#L148
- minikube -- https://github.com/kubernetes/minikube/blob/v1.34.0/pkg/provision/ubuntu.go#L69
If you found this issue from a warning printed by runc, please let us know more about your usecase in this issue (in particular, why do you use --no-pivot and does runc 1.2 without --no-pivot work for your usecase?).