[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] I am working on seccomp integration into docker for project Atomic.



On 10/28/2014 08:47 AM, Jon Stanley wrote:
On Tue, Oct 28, 2014 at 7:59 AM, Daniel J Walsh<dwalsh redhat com>  wrote:

>syscalls, by default.  On an X86_64 system x32 and i686 syscalls will be
>eliminated.
This seems problematic in the fact that you couldn't then run a 32-bit
application in a container, unless I'm missing something.


Dan

- would it be possible to have runtime instantiated seccomp profiles?
eg. decide early on whether the i686 syscalls will be allowed or not?

additive profiles like tuned?

-subhendu


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]