Re: How to disable seccomp in systemd-nspawn?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fr, 26.06.20 21:43, Mohan R (mohan43u@xxxxxxxxx) wrote:

> Hi
>
> On Fri, Jun 26, 2020 at 9:23 PM Lennart Poettering
> <lennart@xxxxxxxxxxxxxx> wrote:
> > You might need a newer libseccomp so that the syscall is actually
> > known by it. openat2 is a very recent syscall addition, and you need
> > to update libseccomp in lockstep if you want it to grok it.
>
> Thanks for the details, I'll look into it. Anyway, is there any
> specific reason for not providing an option to disable seccomp (or
> make seccomp opt-in instead of default)?

Noone asked for this, and it's a bit hacky to do this.

That said, I'd merge a patch that would make it optional, depending on
some env var being set. (env vars is how we make the stuff
configurable in nspawn we don't really want people to use).

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux