Quoting Nels Nelson ([email protected]):
> Greetings, Serge,-
>
> Here is the additional information that you requested:
>
> https://gist.github.com/nelsnelson/11298117
>
> Thanks for looking into this for me.

Ok, thanks. That looks exactly as I'd expect:

lxc-start 1398611507.445 DEBUG lxc_start - Container violated its seccomp policy

I'm not sure what your sandboxing goal is, but take a look at /usr/share/lxc/seccomp.full created by /usr/share/lxc/seccomp.script (if you're on Ubuntu) for a whitelist policy that should generally work. A blacklist policy generally will be easier to deal with, which would look like:

2
blacklist
mknod

(to disallow the mknod syscall only)
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
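
Added example, not part of the original message and not LXC's own code: a small model of how the two policy types discussed in the reply treat the same set of syscalls. It assumes only the layout quoted in the thread (a version line, a policy-type line, then one syscall name per line); the function names, the whitelist contents and the workload list are constructed for illustration.

```python
"""Model of the simple seccomp policy layout quoted in the thread.

Assumption: only "version / policy type / one syscall name per line" is
handled. Anything else a real policy file may contain is not modelled.
"""


def parse_policy(text):
    """Return (policy_type, set of listed syscall names)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("policy needs a version line and a policy-type line")
    if lines[0] != "2":
        raise ValueError("only the version-2 layout from the thread is modelled")
    policy_type = lines[1]
    if policy_type not in ("whitelist", "blacklist"):
        raise ValueError("unknown policy type: %r" % policy_type)
    return policy_type, set(lines[2:])


def denied(policy_text, syscalls):
    """Return the syscalls (in order) that the policy would not allow."""
    policy_type, listed = parse_policy(policy_text)
    if policy_type == "blacklist":
        # Blacklist: everything is allowed except what is listed.
        return [s for s in syscalls if s in listed]
    # Whitelist: nothing is allowed except what is listed.
    return [s for s in syscalls if s not in listed]


# The blacklist policy from the message, verbatim.
BLACKLIST = "2\nblacklist\nmknod\n"
# Constructed, deliberately incomplete whitelist (hypothetical contents).
WHITELIST = "2\nwhitelist\nopen\nread\nwrite\nclose\n"
# Constructed list of syscalls a container workload might issue.
WORKLOAD = ["open", "read", "mount", "mknod", "write", "close"]

if __name__ == "__main__":
    print("blacklist denies:", denied(BLACKLIST, WORKLOAD))
    print("whitelist denies:", denied(WHITELIST, WORKLOAD))
```

With the blacklist only mknod is refused, while the short whitelist also refuses mount, which is the kind of omission that makes a hand-written whitelist harder to get right.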