[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Serge Hallyn: Whiteboard changed: Status: not yet started The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream. There is a minijail0 POC general sandbox tool which works on precise and could be packaged. LXC support for seccomp2 should be

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Serge Hallyn: Whiteboard changed: Status: not yet started The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream. There is a minijail0 POC general sandbox tool which works on precise and could be packaged. LXC support for seccomp2 should be

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Robbie Williamson: Drafter: Serge Hallyn = Ubuntu Server Team -- Sandboxing for containers https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc-sandboxing -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Robbie Williamson: Approver: Robbie Williamson = Dave Walker -- Sandboxing for containers https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc-sandboxing -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Serge Hallyn: Whiteboard changed: Status: not yet started - The new candidate seccomp2 patch refuses execve, and is therefore not compatible with LXC. A general sandbox tool is still possible, and seccomp2 may later be extended to be usable with LXC. + The seccomp2 patch

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Serge Hallyn: Whiteboard changed: Status: not yet started The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream. There is a minijail0 POC general sandbox tool which works on precise and could be packaged. LXC support for seccomp2 should be

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Jamie Strandboge: Whiteboard changed: Status: not yet started The new candidate seccomp2 patch refuses execve, and is therefore not compatible with LXC. A general sandbox tool is still possible, and seccomp2 may later be extended to be usable with LXC. Work Items:

[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Blueprint changed by Jamie Strandboge: Whiteboard changed: Status: not yet started The new candidate seccomp2 patch refuses execve, and is therefore not compatible with LXC. A general sandbox tool is still possible, and seccomp2 may later be extended to be usable with LXC. Work Items: