[lxc-users] Failure to start a container with 'lxc.seccomp' option set

Nels Nelson nels.n.nelson at gmail.com
Mon Apr 28 19:03:42 UTC 2014


On Mon, Apr 28, 2014 at 1:47 PM, Serge Hallyn <serge.hallyn at ubuntu.com>wrote:
>
> Drat.  just to make sure, you don't have any start hooks defined do you?
> What distro/release is the guest running?  My guess is that init is
> running mknod, and immediately getting killed.
>

I don't think I have any start hooks defined, no.  I'm just using the
default lxc-ubuntu template.

So, black-listing mknod without 'errno 0' does allow the instance to start.

Upon testing, I can confirm that the instance which is now running with the
seccomp black-list
is not capable of creating devices manually with mknod.

Thanks,
-Nels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140428/2246294b/attachment-0001.html>


More information about the lxc-users mailing list