[lxc-devel] [lxc/lxc] 3e9671: Revert "seccomp: add rules for specified architect...

Mon Jan 21 14:33:07 UTC 2019

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 3e9671a15d68701b56a6722081aafb3ba0358f49
      https://github.com/lxc/lxc/commit/3e9671a15d68701b56a6722081aafb3ba0358f49
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2019-01-21 (Mon, 21 Jan 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Revert "seccomp: add rules for specified architecture only"

This reverts commit f1bcfc796e0a4a04b36284f6261afff59123b1aa.

The reverted branch breaks starting all seccomp confined containers. Not
even a containers with our standard seccomp profile starts correctly.
This is strong evidence that these changes have never been tested even
with a standard workload. That is unacceptable!

We are still happy to merge that feature but going forward we want tests
that verify that standard workloads and new features work correctly.
seccomp is a crucial part of our security story and I will not let the
be compromised by missing tests!

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>

  Commit: 5283a1182eec6e7a625026bfdab8ebe4deb10ea2
      https://github.com/lxc/lxc/commit/5283a1182eec6e7a625026bfdab8ebe4deb10ea2
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-01-21 (Mon, 21 Jan 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Merge pull request #2794 from brauner/2019-01-21/revert_seccomp_fuckup

Revert "seccomp: add rules for specified architecture only"

Compare: https://github.com/lxc/lxc/compare/b6825c4b7bd3...5283a1182eec
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.