On Tue, Mar 03, 2015 at 05:18:00PM +, Jay Faulkner wrote:
On Mar 3, 2015, at 8:55 AM, Topi Miettinen
toiwo...@gmail.com wrote:
On 03/03/15 01:28, Jay Faulkner wrote:
Hey,
Lennart reviewed this in IRC and suggested I refactor the change in this
manner. Now, we have an array of capability:sys call pairs, and iterate through
that and then only add the seccomp filter if the capability doesn’t exist.
The new patch is attached, and available here:
Hi all,
My apologies if this is frowned upon, but this has been posted for a week and I
haven’t gotten any feedback on it. I’d appreciate if this could get reviewed
and if adequate, merged. I’m waiting on this change in order to be able to
continue using systemd-nspawn containers, properly
Hi all,
At the suggestion (and with the assistance of) a co-worker, we remade this
patch to not have quite as much repeated code. The new version is attached and
can be found here https://github.com/jayofdoom/systemd/pull/4.patch — thanks!
refactor-nspawn-map-seccomp-to-capabilities.patch
After some additional testing, I found a bug in this patch where it would not
compile with seccomp disabled. I’ve updated the patch at
https://github.com/jayofdoom/systemd/pull/4.patch — also I’ve attached the
fixed patch.
-Jay
refactor-nspawn-map-seccomp-to-capabilities.patch
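The approach described in this thread, a table of capability/syscall pairs in which a syscall is filtered only when the container does not hold the matching capability, shown as an added example; it is not code from the attached patch or from systemd. The pairs listed and the name `syscalls_to_filter` are assumptions, and syscall names are kept as strings in place of the seccomp rules that would actually be installed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_SYS_MODULE 16
#define CAP_SYS_RAWIO  17
#define CAP_SYS_ADMIN  21
#define CAP_SYS_BOOT   22

/* Illustrative pairs (an assumption, not copied from the patch): each
 * syscall is one the kernel gates behind the capability listed with it. */
static const struct {
        int capability;
        const char *syscall_name;
} cap_syscall_map[] = {
        { CAP_SYS_RAWIO,  "iopl"          },
        { CAP_SYS_RAWIO,  "ioperm"        },
        { CAP_SYS_BOOT,   "kexec_load"    },
        { CAP_SYS_ADMIN,  "swapon"        },
        { CAP_SYS_ADMIN,  "swapoff"       },
        { CAP_SYS_MODULE, "init_module"   },
        { CAP_SYS_MODULE, "delete_module" },
};
#define MAP_LEN (sizeof(cap_syscall_map) / sizeof(cap_syscall_map[0]))

/* Collect the syscalls to deny for a container that keeps the capabilities
 * in `retained` (bit n set = capability n kept). Returns how many need a
 * rule; at most `max` names are stored in `out`. */
size_t syscalls_to_filter(uint64_t retained, const char **out, size_t max) {
        size_t n = 0;
        for (size_t i = 0; i < MAP_LEN; i++) {
                if (retained & (UINT64_C(1) << cap_syscall_map[i].capability))
                        continue; /* capability granted: leave syscall usable */
                if (n < max)
                        out[n] = cap_syscall_map[i].syscall_name;
                n++;
        }
        return n;
}

int main(void) {
        const char *deny[MAP_LEN];
        uint64_t retained = UINT64_C(1) << CAP_SYS_ADMIN; /* constructed input */
        size_t n = syscalls_to_filter(retained, deny, MAP_LEN);
        for (size_t i = 0; i < n; i++)
                printf("deny %s\n", deny[i]);
        return 0;
}
```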