[lxc-devel] LXC in the context of a grsecurity enabled kernel

[Andrian Nord]

>     So to put the question another way: is it recommended to use LXC
> with a grsec kernel? If so what are the guide-lines? (What should not
> be enabled?)

Enable sysctl interface and try to shutdown /proc/sys/kernel/grsecurity/chroot_*
restrictions one by one, while trying lxc-start, until it will success.

At least, you should not use chroot-capabilities restrictions and some
others, I'm not sure - I was using grsec only with openvz.