Blueprint changed by Serge Hallyn:

Whiteboard changed:
  Status: not yet started

  The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream. There is a minijail0 POC general sandbox tool which works on precise and could be packaged. LXC support for seccomp2 should be possible.

  Work Items:
  [jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: DONE
- [serge-hallyn] Package minijail0: TODO
- [serge-hallyn] Send POC of lxc integration to lxc-dev: TODO
- [serge-hallyn] Write testcases for lxc seccomp2 integration: TODO
+ [serge-hallyn] First review of new approach: DONE
+ [serge-hallyn] Lkml review of new approach: TODO
+ [serge-hallyn] Package minijail0: POSTPONED
+ [serge-hallyn] Send POC of lxc integration to lxc-dev: POSTPONED
+ [serge-hallyn] Write testcases for lxc seccomp2 integration: POSTPONED
+
+ Comments:
+ A patch with a new approach is being worked on. As such, the
+ previously planned work items do not make sense for this cycle
+ and have been marked POSTPONED.

-- Sandboxing for containers https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc-sandboxing
