[lxc-users] How to disable 32bit emulation within a 64bit container

Michael H. Warfield mhw at WittsEnd.com
Sun May 10 13:00:22 UTC 2015


On Sun, 2015-05-10 at 14:54 +1000, Boyok Mad wrote:
> Hi
> 
> 
> I want to disable 32bit emulation within my Ubuntu container. I think
> this can be achieved by setting a seccomp filter or cap.drop config (I
> may be wrong as I am very new to both of these features)
> https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html

I don't believe that is even conceptually possible.  The 64 bit x86
instruction set is an inclusive superset of the 32 bit instruction set.
Any 32 bit assembly language instruction will run on a 64 bit CPU.
That's the very nature of "backward compatibility" in the CPU
architecture.  The 32 bit instructions are not being emulated at all.
They run native on the iron.
> 
> Is it possible to disable specific system calls to disallow a
> container from running any 32bit executable? If so, how should the
> seccomp/cap.drop config look? If not, is there any way to disable 32bit
> emulation within an lxc container?
> 
> 
> P.S. I tried removing support for i386 packages within a container,
> but it still runs 32bit binaries.
> 
> 
> Cheers,
> 
> Boy

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
