Description
I would like to give a container access to some host resource, and I am thinking about modeling this as a CDI resource, as I think it is a very good fit to manage these exclusive-access resources. I think with the environment variables and the mounts I have most of what is needed. The only thing missing is that I also need to give the container an additional capability (NET_RAW), which is not available by default in podman. I could provide it to the runtime as a separate parameter, but this means I need to know that I need to add the capability when assigning the CDI resource to a container.
I was thinking about whether it makes sense to also specify required capabilities in a CDI spec file, so the container runtime can automatically assign them if permitted by the host runtime.
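
For reference, the setup described above looks roughly like this. It is an added illustration, not part of the original post or of any project's code. The vendor/class name, device name, socket path and environment variable are made-up placeholders.

```yaml
# Constructed CDI spec: env and mounts travel with the device definition.
# vendor.example/hostres, res0, the socket path and HOSTRES_SOCKET are placeholders.
cdiVersion: "0.6.0"
kind: "vendor.example/hostres"
devices:
  - name: res0
    containerEdits:
      env:
        - "HOSTRES_SOCKET=/run/hostres/res0.sock"
      mounts:
        - hostPath: /run/hostres/res0.sock
          containerPath: /run/hostres/res0.sock
          options: ["bind", "rw", "nosuid", "nodev"]

# The capability is not part of the spec above, so it has to be passed
# separately by whoever starts the container:
#
#   podman run --device vendor.example/hostres=res0 --cap-add NET_RAW <image>
#
# Keeping the grant on the command line leaves it visible to the operator and
# to command-line auditing; a capability carried in a spec file would need the
# runtime to check it against what the host permits, as the post suggests.
```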