[lxc-devel] [lxc/lxc] 11de80: seccomp: allow x32 guests on amd64 hosts.

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 11de80d63cbece239779babe30a50aaa4df8340e
      https://github.com/lxc/lxc/commit/11de80d63cbece239779babe30a50aaa4df8340e
  Author: Adam Borowski <kilobyte at angband.pl>
  Date:   2017-02-12 (Sun, 12 Feb 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: allow x32 guests on amd64 hosts.

Without this patch, x32 guests (and no others) worked "natively" with x32
host lxc, but not on regular amd64 hosts.  That was especially problematic
as a number of ioctls such as those needed by netfilter don't work in such
scenarios, thus you want to run amd64 on the host.

With the patch, you can use all three ABIs: i386 x32 amd64 on amd64 hosts.

Despite x32 being little used, there's no reason to deny it by default:
the admin needs to compile their own kernel with CONFIG_X86_X32=y or (on
Debian) boot with syscall.x32=y.  If they've done so, it is a reasonable
assumption they want x32 guests.

Signed-off-by: Adam Borowski <kilobyte at angband.pl>


  Commit: c5bce6ee3c2e03fb643df1cacef5859a78723f97
      https://github.com/lxc/lxc/commit/c5bce6ee3c2e03fb643df1cacef5859a78723f97
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-02-14 (Tue, 14 Feb 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Merge pull request #1428 from kilobyte/master

fix seccomp blocking x32 guests on amd64 (userspace) hosts


Compare: https://github.com/lxc/lxc/compare/1f14c2ea3d54...c5bce6ee3c2e