Hi,

Thanks for the reply. Sorry I missed it -- I'm still in the process of subscribing to the list and caught the reply in the archives.

I'm not seeing a lot in syslog when I attempt to start the container. I do see messages indicating that apparmor is disabled. Checking the kernel config, I've got seccomp and no SELinux, AppArmor or friends. The security framework is the discretionary access control module:

    odroid@minion3:~$ zcat /proc/config.gz |egrep _SECURITY\|SECOMP
    CONFIG_EXT4_FS_SECURITY=y
    CONFIG_REISERFS_FS_SECURITY=y
    CONFIG_JFS_SECURITY=y
    # CONFIG_SECURITY_DMESG_RESTRICT is not set
    # CONFIG_SECURITY is not set
    # CONFIG_SECURITYFS is not set
    CONFIG_DEFAULT_SECURITY_DAC=y
    CONFIG_DEFAULT_SECURITY=""

Looking at the LXC/LXD log output when starting the container, I see some seccomp-related stuff that appears to succeed and some that doesn't, but none of it looks fatal to my eye. I've attached a (gzipped plaintext) copy of the log output here in case it has anything of any consequence.

I can start a container using lxc-create and the busybox template and specify '--define lxc.cap.drop=mac_admin' and still get a shell. I didn't strace it to see if it actually succeeded.

Thanks again for your help so far.

Cheers
Matt
start-lxc.gz
Description: GNU Zip compressed data
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
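Added example (not part of the original message): an exact-match check of the seccomp and LSM options in a kernel config, which separates "enabled", "explicitly not set" and "not mentioned". The function names and the two `CONFIG_SECCOMP*` sample lines are assumptions; the pattern `SECOMP` in the message's grep does not match `CONFIG_SECCOMP`, so the posted output cannot show those lines either way.

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed sample: options shown in the message, plus two CONFIG_SECCOMP*
# lines that are assumed here for illustration.
SAMPLE_CONFIG='CONFIG_EXT4_FS_SECURITY=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y'

# kconfig_state OPTION: read a kernel config on stdin and print the option's
# value, "unset" for "# CONFIG_X is not set", or "absent" if never mentioned.
# Matching is on the full option name, so SECURITY does not match SECURITYFS.
kconfig_state() {
    awk -v opt="CONFIG_$1" '
        index($0, opt "=") == 1      { print substr($0, length(opt) + 2); found = 1; exit }
        $0 == "# " opt " is not set" { print "unset"; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# lsm_report: summarise the options relevant to container confinement.
lsm_report() {
    cfg=$(cat)
    for opt in SECCOMP SECCOMP_FILTER SECURITY SECURITY_APPARMOR SECURITY_SELINUX; do
        printf '%s=%s\n' "$opt" "$(printf '%s\n' "$cfg" | kconfig_state "$opt")"
    done
}

# On a live system: zcat /proc/config.gz | lsm_report
printf '%s\n' "$SAMPLE_CONFIG" | lsm_report
```

With `CONFIG_SECURITY` unset, the AppArmor and SELinux options are reported as absent rather than unset, because they depend on it and never appear in the config.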
