[lxc-devel] [lxc/lxc] 11de80: seccomp: allow x32 guests on amd64 hosts.
noreply at github.com
Wed Feb 15 05:35:04 UTC 2017
Author: Adam Borowski <kilobyte at angband.pl>
Date: 2017-02-12 (Sun, 12 Feb 2017)
seccomp: allow x32 guests on amd64 hosts.
Without this patch, x32 guests (and no others) worked "natively" with x32
host lxc, but not on regular amd64 hosts. That was especially problematic
as a number of ioctls such as those needed by netfilter don't work in such
scenarios, thus you want to run amd64 on the host.
With the patch, you can use all three ABIs: i386 x32 amd64 on amd64 hosts.
Despite x32 being little used, there's no reason to deny it by default:
the admin needs to compile their own kernel with CONFIG_X86_X32=y or (on
Debian) boot with syscall.x32=y. If they've done so, it is a reasonable
assumption they want x32 guests.
Signed-off-by: Adam Borowski <kilobyte at angband.pl>
Author: Serge Hallyn <serge at hallyn.com>
Date: 2017-02-14 (Tue, 14 Feb 2017)
Merge pull request #1428 from kilobyte/master
fix seccomp blocking x32 guests on amd64 (userspace) hosts
More information about the lxc-devel