Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 214a98ef56b487ed9ca5a021f2e44bb7525e82ec
https://github.com/lxc/lxc/commit/214a98ef56b487ed9ca5a021f2e44bb7525e82ec
Author: Serge Hallyn <serge.hal...@ubuntu.com>
Date: 2014-06-20 (Fri, 20 Jun 2014)
Changed paths:
M config/templates/Makefile.am
M config/templates/ubuntu.common.conf.in
A config/templates/ubuntu.priv.seccomp
M config/templates/ubuntu.userns.conf.in
Log Message:
-----------
ubuntu containers: use a seccomp filter by default (v2)
Blacklist module loading, kexec, and open_by_handle_at (the cause of the
not-docker-specific dockerinit mounts namespace escape).
This should be applied to all arches, but iiuc stgraber will be doing
some reworking of the commonizations which will simplify that, so I'm
not doing it here.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
Acked-by: Stéphane Graber <stgra...@ubuntu.com>
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
