[lxc-users] How to disable 32bit emulation within a 64bit container
Stéphane Graber
stgraber at ubuntu.com
Sun May 10 15:08:39 UTC 2015
On Sun, May 10, 2015 at 09:00:22AM -0400, Michael H. Warfield wrote:
> On Sun, 2015-05-10 at 14:54 +1000, Boyok Mad wrote:
> > Hi
> >
> >
> > I want to disable 32bit emulation within my ubuntu container. I think
> > this can be achieved by setting seccomp filter or cap.drop config (I
> > may be wrong as I am very new to both of features)
> > https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html
>
> I don't believe that is even conceptually possible. The 64 bit x86
> instruction set is an inclusive superset of the 32 bit instruction set.
> Any 32 bit assembly language instruction will run on a 64 bit CPU.
> That's the very nature of "backward compatibility" in the CPU
> architecture. The 32 bit instructions are not being emulated at all.
> They run native on the iron.
You can however use seccomp to block all 32bit syscalls.
> >
> > Is it possible to disable specific system calls to disallow a
> > container run any 32bit executable? if so, how the seccom/cap.drop
> > config should look like? if not, is there anyway to disable 32bit
> > emulation within a lxc container?
> >
> >
> > P.S. I tried removing support for i386 packages within a container,
> > but it still runs 32bit binaries.
> >
> >
> > Cheers,
> >
> > Boy
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150510/2554bb9d/attachment.sig>
More information about the lxc-users
mailing list