Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

I was trying out Raw Containers and realized that the <https://github.com/flyteorg/flyte/blob/bb285d69c17c8d459eb5417a008d2f3058d4bc22/flyteplugins/go/tasks/pluginmachinery/flytek8s/copilot.go#L27|Flyte Sidecar requires> `SYS_PTRACE` capability.

<https://github.com/flyteorg/flyte/issues/2162#issuecomment-1261120416|This comment here >mentions that it is configurable. Would someone be able to point me to the configuration?

I guess this was done to share the process namespace of the main container with the sidecar <https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/>

Is there any security risk to the host/node due to this? Or is this isolated within the Pod.

We currently use Argo Workflows with the emissary executor, which does not require privileged access. <https://argo-workflows.readthedocs.io/en/latest/workflow-executors/#emissary-emissary>

is this useful? <https://github.com/flyteorg/flyteplugins/pull/264>

Right, but I don't know how to use this. There are also some conflicts in the PR.