From YouTube: Kubernetes SIG Windows 20210615
A
A
So I see one or two new folks. Give it just a second. If anybody wants to speak up and say hello, introduce themselves to the community, and let us know what you're interested in and/or anything else. Does anybody want to speak up and say hello?
A
Oh okay, great! So then we'll dive right into the announcements. I don't see the person who's working on this, but Sonobuoy was... Windows support was added to Sonobuoy, so this potentially opens up the door for doing some of the performance testing, but it also has some interesting information in here around how to run a Windows plugin. So pretty exciting to see this come through. Go and check it out, leave some comments. They were asking for some feedback here.
A
So if you're interested in using this or are working with it, be sure to give some feedback there. Any questions or comments?
A
Cool. Auburn, do you want to quickly talk about the projected volume bug that you found?
C
Yes, I can. So I think Windows has been broken with respect to projected volumes ever since that PR that I've mentioned got merged. Yeah, I think I've mentioned it here, it's implementation. So if you look at the implementation, I think that landed in 1.19, I would think, from what I...
C
So what is the main issue here is... so I think the way... Do folks know what projected volumes are? I can quickly go through what a projected volume is, or...
C
Yeah, so I think, yeah, I found out all about this in the last few days.
C
E
C
B
C
C
Only if that is set will the chown even take effect, right? If you're not specifying that in the security context, there is no user to associate it with. So, in fact, if you look at the current implementation, there is a loop, and it says: if FsUser equals nil, just continue, and the chown is never called. So I think it's in atomic writer, James, if you're the one driving.
B
I think we... so I think you're saying that it is failing because of the security context, which...
C
Has... sorry, Claudio. Yeah, so this is what I'm talking about.
C
C
The pod will come up, but the ownership will be incorrect, and that's sort of like a security hole, right? Whereas in the case of, I think in the case of situations like OpenShift, where you have like admission controllers that are attaching things onto pods, we actually have the fs username, even though it's a Windows pod, being set, and that's what is really... that's what really brought this problem out for us.
C
If that was not being done, I think we would have completely missed the fact that, you know, there's a security hole in Windows. So I should really maybe rephrase that issue to say that, you know, the permissions are not being set, or to be more specific about it, because that issue that I've spoken about, I think you will only see it in OpenShift.
A
At the... the conformance test, and they're all passing, and then operand found that it wasn't setting a username. That's why this line here. So cool. Thank you for tracking that down, and also starting to work on a fix, appreciate that.
C
Yeah, so I found this, that's the other thing I can quickly run by you folks. I found this utility or a library called go-acl where you can actually set the ACL for files. I'm guessing that's a good way to do it.
A
Google's... yeah, I think we have a few utilities that are used in hcsshim for this type of thing, so I'd probably prefer to use whatever we're using there. But I'd have to look that up.
C
Yeah, if there is an alternative, that's totally fine. I can use that. The main work here is like this determine effective run as username had to be added. You can't just assume it's only user name, right? You have to sort of make sure that... so the way I'm doing it is, if I find a username, I know at that point...
C
It's a Windows node and we can completely ignore the user, which doesn't compute for, or doesn't make any sense for, a Windows pod or a Windows container. Cool, yeah, I'll take a...
C
C
E
Cool, thanks.
E
B
Yeah, I did, but all the points were already set. So there was no point to speak anymore.
A
Okay, all right. And do we have Brandon on the call? Yep.
F
I'm here, yeah. Hey everyone, so just a quick update from last week on this, the escape that was kind of published here in that article. So this is actually something that we did address back in January as part of limiting the privileges or the capabilities of the container processes to obtain the TCB privilege.
F
So basically, if you're running in a container, and if you have a container process that's attempting to obtain TCB privileges, the host will directly block it as a container process. So that build I posted in the meeting notes is the build in which this fix was released, and so, if you have this build, or if you have people asking when this fix was released, you can send them this version and everything should be included in there. So pretty much...
F
If you're on the latest security updates, you should be totally fine and protected from this. I think the other component of the malware posted there was pretty much just an improper, you know, security pod configuration that they kind of were relying on. So as long as you have your security configurations set properly and you're on the latest Windows security updates, then this should not be a problem at all.
C
So Brandon, quickly, so what the person, whoever posted that Siloscape, has done is they're on purpose running an OS build that doesn't have this fix, right? So that...
F
Yeah, because I think they posted an article last year that was on a similar front, and, you know, we fixed the issue from that, and I guess they kind of just wanted to continue off of their previous work.
E
C
D
James, do you think it's worth adding a Goss check into image builder to make sure that, if you're building a node with image builder, then you're on, like, a version after this, to sort of, a bit of a prompt to say you're doing something stupid, if we don't get, like, if you're not building the latest version, basically?
E
I would say not specifically for this one, because, I mean, the escapes come, and we keep a close eye. Ben was explaining, right, our whole security team is optimized for this. Brandon's team plays a big part. So I think it would be a good check to just say, like, hey, you're not on the latest security fix. That would be good, but not specifically targeting a specific fix or not.
A
Yeah, it seems to me maybe a warning that, hey, you're not on the latest, or you're X behind and that you should be moving towards the thing. But I don't know, like, if we put it as one, like, in the January version, then, you know, that's six months ago, so it won't really do much in a year or two. So...
D
D
E
I think, sorry, I think through PowerShell, and I'm trying to look up the command, I think there is a command that gets you what version you are in, right? And then our security fixes, and correct me if I'm wrong here, Brandon, but there is a way to identify which month and year and all that, right? Like, not the KB number, but actually the build number probably is based off of year and month.
E
So theoretically, if we could pull up the year and the month and date and kind of like append to it and then see if it works. I don't know if that will work, but...
F
Yeah, I mean, at least in terms of, you know, pulling a new image, when we release the servicing patch, it gets pushed to MCR almost immediately, or at least very quickly. So if there's a new container image available, then that's, you know, pretty much the latest security patch on MCR. And in terms of the host version, I think you can go through the regular Windows security updates, just regular Windows Update.
A
A
All right, that looks like it was the last item on the agenda. Did anybody else have anything they wanted to bring up ad hoc? Otherwise we can give back a few minutes.
C
C
There is potential that it might not hit the July 8th or July 11th, whenever the code freeze is. I've been able to add the, what is it called, the feature flag. The cube led lead siders is taking me some doing. Just wanting to give people, you know, a quick heads up as early as I can.
A
Is there anything you need help with that, you can answer questions or anything?
C
Yeah, I'm just trying to figure out what we have done in oc and I'm trying to move that to kubectl. It's not an easy migration when compared to kubelet. So that's where I'm running into trouble. I'm trying to get some help from some of the oc folks to see what's the easiest way to do this. Great.
A
I guess I'll give a quick update on privileged containers. So I'm working on getting the tests up and running, and one thing I did find in containerd, since we don't have support through the CRI, which Perry has an open PR to actually enable: if you're trying that out currently, you do need to pass a couple extra commands to, or a couple extra fields to, the config to make sure the annotations get passed all the way through down to hcsshim.
A
And I can drop a link into the Slack channel after this. But if you are trying that out and you're not seeing them come up as proper host process containers, then you might be missing that containerd configuration.
A
A
Else? Okay, great! Well, then, I think we'll end it here. I'll stop the recording and then I'll hand it over to Jay and we'll do the after hours, and if you want to get some hands-on and play with the dev environment that Friedrich and Sladen have been working on, and several other people, sorry if I forget your name, please stick around and, yeah, we can get some hands on. All right, talk to you all later. All right, bye, folks.