Changes to satisfy code review

Signed-off-by: Charro Gruver <[email protected]>
containers · Feb 13, 2025 · 07bc341 · 07bc341
1 parent 483f229
commit 07bc341
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 11 deletions.
diff --git a/docs/ramalama-run.1.md b/docs/ramalama-run.1.md
@@ -32,7 +32,13 @@ path of the authentication file for OCI registries
 size of the prompt context (default: 2048, 0 = loaded from model)
 
 #### **--device**
-declare host device to leak into the container 
+Add a host device to the container. Optional permissions parameter  can
+be  used  to  specify device permissions by combining r for read, w for
+write, and m for mknod(2).
+
+Example: --device=/dev/dri/renderD128:/dev/xvdc:rwm
+
+The device specifiaction is passed directly to the underlying container engine.  See documentation of the supported container engine for more information.
 
 #### **--help**, **-h**
 show this help message and exit
@@ -47,7 +53,22 @@ name of the container to run the Model in
 set the network mode for the container
 
 #### **--privileged**
-give extended privileges to container
+By  default, RamaLama containers are unprivileged (=false) and cannot, for
+example, modify parts of the operating system. This is  because  by  de‐
+fault  a  container is only allowed limited access to devices. A "privi‐
+leged" container is given the same access to devices as the user launch‐
+ing the container, with the exception of virtual consoles  (/dev/tty\d+)
+when running in systemd mode (--systemd=always).
+
+A  privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities,  limited  devices,  read-
+only  mount points, Apparmor/SELinux separation, and Seccomp filters are
+all disabled.  Due to the disabled  security  features,  the  privileged
+field  should  almost never be set as containers can easily break out of
+confinement.
+
+Containers running in a user namespace (e.g., rootless containers)  can‐
+not have more privileges than the user that launched them.
 
 #### **--seed**=
 Specify seed rather than using random seed model interaction

diff --git a/docs/ramalama-serve.1.md b/docs/ramalama-serve.1.md
@@ -47,7 +47,13 @@ The default is TRUE. The --nocontainer option forces this option to False.
 Use the `ramalama stop` command to stop the container running the served ramalama Model.
 
 #### **--device**
-declare host device to leak into the container 
+Add a host device to the container. Optional permissions parameter  can
+be  used  to  specify device permissions by combining r for read, w for
+write, and m for mknod(2).
+
+Example: --device=/dev/dri/renderD128:/dev/xvdc:rwm
+
+The device specifiaction is passed directly to the underlying container engine.  See documentation of the supported container engine for more information.
 
 #### **--generate**=type
 Generate specified configuration format for running the AI Model as a service
@@ -74,7 +80,22 @@ set the network mode for the container
 port for AI Model server to listen on
 
 #### **--privileged**
-give extended privileges to container
+By  default, RamaLama containers are unprivileged (=false) and cannot, for
+example, modify parts of the operating system. This is  because  by  de‐
+fault  a  container is only allowed limited access to devices. A "privi‐
+leged" container is given the same access to devices as the user launch‐
+ing the container, with the exception of virtual consoles  (/dev/tty\d+)
+when running in systemd mode (--systemd=always).
+
+A  privileged container turns off the security features that isolate the
+container from the host. Dropped Capabilities,  limited  devices,  read-
+only  mount points, Apparmor/SELinux separation, and Seccomp filters are
+all disabled.  Due to the disabled  security  features,  the  privileged
+field  should  almost never be set as containers can easily break out of
+confinement.
+
+Containers running in a user namespace (e.g., rootless containers)  can‐
+not have more privileges than the user that launched them.
 
 #### **--seed**=
 Specify seed rather than using random seed model interaction

diff --git a/ramalama/cli.py b/ramalama/cli.py
@@ -233,12 +233,6 @@ def configure_arguments(parser):
         help="store AI Models in the specified directory",
     )
     parser.add_argument("-v", "--version", dest="version", action="store_true", help="show RamaLama version")
-    # parser.add_argument("--device",
-    #     dest="device",
-    #     action='append',
-    #     type=str,
-    #     # nargs=1,
-    #     help="Device to leak in to the running container")
 
 
 def configure_subcommands(parser):

diff --git a/ramalama/model.py b/ramalama/model.py
@@ -189,7 +189,6 @@ def setup_container(self, args):
 
         if args.device:
             for device_arg in args.device:
-                print(device_arg)
                 conman_args += ["--device", device_arg]
         else:
             if (sys.platform == "darwin" and os.path.basename(args.engine) != "docker") or os.path.exists("/dev/dri"):