Blueprint changed by Robbie Williamson:

Whiteboard changed:
  Status: not yet started

  The new candidate seccomp2 patch refuses execve, and is therefore not
  compatible with LXC. A general sandbox tool is still possible, and
  seccomp2 may later be extended to be usable with LXC.

  Work Items:
- [jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: POSTPONED
- [serge-hallyn] Work with jjohansen/kees/upstream to design generic sandbox program: POSTPONED
- [serge-hallyn] Propose design for lxc integration to lxc-dev: POSTPONED
- [serge-hallyn] Implement prototype of lxc seccomp2 integration: POSTPONED
- [serge-hallyn] Write testcases for lxc seccomp2 integration: POSTPONED
+ [jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: TODO
+ [serge-hallyn] Work with jjohansen/kees/upstream to design generic sandbox program: TODO
+ [serge-hallyn] Propose design for lxc integration to lxc-dev: TODO
+ [serge-hallyn] Implement prototype of lxc seccomp2 integration: TODO
+ [serge-hallyn] Write testcases for lxc seccomp2 integration: TODO

--
Sandboxing for containers
https://blueprints.launchpad.net/ubuntu/+spec/server-o-lxc-sandboxing

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com