On Wed, 04.02.15 02:21, Jay Faulkner (j...@jvf.cc) wrote:
I am not particularly fond of the idea of adding a completely new
command line option for this though. Maybe we can find another way for
this.
For example, one option could be to split the seccomp syscall
blacklist in two:
On Feb 3, 2015, at 3:52 PM, Lennart Poettering <lenn...@poettering.net> wrote:
On Tue, 03.02.15 23:22, Jay Faulkner (j...@jvf.cc) wrote:
Hi all,
As I posted last week, a change merged a while ago to systemd-nspawn
adding seccomp protections with no ability to enable/disable broke
the
Hi all,
As I posted last week, a change merged a while ago to systemd-nspawn adding
seccomp protections with no ability to enable/disable broke the Ironic Python
Agent ramdisk which utilizes CoreOS and systemd. The attached patch makes the
behavior optional, with it defaulting to disabled. I
For context this puts a toggle on this feature added to nspawn:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=28650077f36466d9c5ee27ef2006fae3171a2430
I encouraged Jay to make it an opt-in flag so as to not break other
people who had working setups when using nspawn as a minimal ns
On Tue, 03.02.15 23:22, Jay Faulkner (j...@jvf.cc) wrote:
Hi all,
As I posted last week, a change merged a while ago to systemd-nspawn
adding seccomp protections with no ability to enable/disable broke
the Ironic Python Agent ramdisk which utilizes CoreOS and
systemd. The attached patch