[lxc-devel] [lxc/lxc] 214a98: ubuntu containers: use a seccomp filter by default...
GitHub
noreply at github.com
Fri Jun 20 21:37:11 UTC 2014
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 214a98ef56b487ed9ca5a021f2e44bb7525e82ec
https://github.com/lxc/lxc/commit/214a98ef56b487ed9ca5a021f2e44bb7525e82ec
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-06-20 (Fri, 20 Jun 2014)
Changed paths:
M config/templates/Makefile.am
M config/templates/ubuntu.common.conf.in
A config/templates/ubuntu.priv.seccomp
M config/templates/ubuntu.userns.conf.in
Log Message:
-----------
ubuntu containers: use a seccomp filter by default (v2)

Blacklist module loading, kexec, and open_by_handle_at (the cause of the
not-docker-specific dockerinit mounts namespace escape).

This should be applied to all arches, but iiuc stgraber will be doing
some reworking of the commonizations which will simplify that, so I'm
not doing it here.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>