<div dir="ltr">Probably it is an architecture problem. seccomp is enabled in kernel and lxc-checkconfig shows everything enabled too. Though there's no security in /sys/kernel.<div>I managed to run containers when I told LXD to ignore the policy by "<span style="color:rgb(69,69,69);font-family:Helvetica;font-size:12px">lxc profile set default raw.lxc lxc.seccomp=". </span>I would like to write a policy for ARM architecture. Any ideas?</div><div><br></div><div> </div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 25, 2016 at 6:54 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Quoting Muneeb Ahmad (<a href="mailto:muneeb.gandapur@gmail.com">muneeb.gandapur@gmail.com</a>):<br>
...<br>
<span class="">> lxc 20160421151846.936 ERROR lxc_utils - utils.c:mkdir_p:253<br>
> - Permission denied - failed to create directory<br>
> '/usr/lib/arm-linux-gnueabihf/lxc/sys/firmware/efi/'<br>
><br>
</span>...<br>
<span class="">> lxc 20160421151846.937 ERROR lxc_utils - utils.c:mkdir_p:253<br>
> - Permission denied - failed to create directory<br>
> '/usr/lib/arm-linux-gnueabihf/lxc/sys/fs/pstore'<br>
</span>...<br>
<span class="">> lxc 20160421151846.938 ERROR lxc_utils - utils.c:mkdir_p:253<br>
> - Permission denied - failed to create directory<br>
> '/usr/lib/arm-linux-gnueabihf/lxc/sys/kernel/security'<br>
</span><span class="">> lxc 20160421101847.173 ERROR lxc_seccomp -<br>
<br>
> seccomp.c:lxc_seccomp_load:615 - Error loading the seccomp policy<br>
><br>
> lxc 20160421151847.174 ERROR lxc_sync -<br>
> sync.c:__sync_wait:52 - An error occurred in another process (expected<br>
> sequence number 4)<br>
<br>
</span>I question your kernel support. Those directories, especially<br>
/sys/kernel/security, should exist - you should be getting EEXIST not<br>
EPERM. The seccomp policy load could be an architecture related bug<br>
in lxc's code, but given your other errors seems just as likely to<br>
be lack of seccomp support in the kernel.<br>
<br>
What does lxc-checkconfig show?<br>
<div class=""><div class="h5">_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></div></div></blockquote></div><br></div></div>