[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] I am working on seccomp integration into docker for project Atomic.

From: SGhosh <sghosh redhat com>
To: Jon Stanley <jonstanley gmail com>, Daniel J Walsh <dwalsh redhat com>
Cc: atomic-devel projectatomic io
Subject: Re: [atomic-devel] I am working on seccomp integration into docker for project Atomic.
Date: Tue, 28 Oct 2014 09:33:18 -0400

On 10/28/2014 08:47 AM, Jon Stanley wrote:

On Tue, Oct 28, 2014 at 7:59 AM, Daniel J Walsh<dwalsh redhat com>  wrote:

>syscalls, by default.  On an X86_64 system x32 and i686 syscalls will be
>eliminated.

This seems problematic in the fact that you couldn't then run a 32-bit
application in a container, unless I'm missing something.


Dan

- would it be possible to have runtime instantiated seccomp profiles?
eg. decide early on whether the i686 syscalls will be allowed or not?

additive profiles like tuned?

-subhendu

Follow-Ups:
- Re: [atomic-devel] I am working on seccomp integration into docker for project Atomic.
  - From: Daniel J Walsh

References:
- [atomic-devel] I am working on seccomp integration into docker for project Atomic.
  - From: Daniel J Walsh
- Re: [atomic-devel] I am working on seccomp integration into docker for project Atomic.
  - From: Jon Stanley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]