Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: b5ed021bbc47efe77732b38b5946116be94367e1
https://github.com/lxc/lxc/commit/b5ed021bbc47efe77732b38b5946116be94367e1
Author: Christian Brauner <christian.brau...@ubuntu.com>
Date: 2018-04-13 (Fri, 13 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: handle arch inversion
This commit deals with different kernel and userspace layouts and nesting. Here
are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit
containers
Two things to lookout for:
1. The compat arch that is detected might have already been present in the main
context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also
can't be.
With these changes I can run all crazy/weird combinations with proper seccomp
isolation.
Closes #654.
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366
Reported-by: Chirantan Ekbote <chiran...@chromium.org>
Reported-by: Sonny Rao <sonny...@chromium.org>
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
Commit: 2c80e9cf156f8b9d0d1ef46705f9418e09d2d89f
https://github.com/lxc/lxc/commit/2c80e9cf156f8b9d0d1ef46705f9418e09d2d89f
Author: Serge Hallyn <se...@hallyn.com>
Date: 2018-04-13 (Fri, 13 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
Merge pull request #2274 from
brauner/2018-04-13/fix_seccomp_with_personality_and_64bit_kernel_32_bit_userspace
seccomp: handle arch inversion
Compare: https://github.com/lxc/lxc/compare/bf5afb017428...2c80e9cf156f_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
