On Sat, Jun 13, 2020 at 9:41 AM Koehler, Yannick <yannick.koeh...@hpe.com> wrote:
>
> Hi,
>
> I am in a situation where we desire to run our old OS environment inside
> Ubuntu Core. So far we have identified LXD as being a candidate to enable us
> to run our past Linux OS environment within the new one.
>
> At this time our goal is to apply the least amount of modification to our
> existing OS in order to test and validate such an approach.
>
> I, therefore, need to run an LXC container with pretty much zero security, as
> to allow the old OS to load kernel modules, access /proc, /sys, etc.
> Yet, when I tried to disable seccomp using lxc.seccomp.profile = none, I
> obtained an error as the profile 'none' was not found by the seccomp profile
> reader. I am wondering if this is a problem with lxc itself or with
> UbuntuCore not providing a definition of what a seccomp "none" profile would
> be.

Start from
https://discuss.linuxcontainers.org/t/lxd-raw-lxc-lxc-net-i-script-up/1131/4

Then create something like

/var/snap/lxd/common/lxd/extra/unrestricted.conf
------------------------------------------------
lxc.cap.drop =
lxc.apparmor.profile = unconfined
lxc.mount.auto = proc:rw sys:rw cgroup-full:rw
lxc.cgroup.devices.allow = c *:* rwm
lxc.cgroup.devices.allow = b *:* rwm
lxc.seccomp.profile = /var/snap/lxd/common/lxd/extra/unrestricted-seccomp.conf

/var/snap/lxd/common/lxd/extra/unrestricted-seccomp.conf
--------------------------------------------------------
2
blacklist
# v2 allows comments after the second line, with '#' in first column,
# blacklist will allow syscalls by default

Then put it on your lxd config

config:
  raw.lxc: lxc.include=/var/snap/lxd/common/lxd/extra/unrestricted.conf

Totally unsupported, you're on your own if something bad happens, etc.

I was able to run mknod, "losetup -a", mount, and modprobe from my
container, running lxd from snap under ubuntu 20.04 host (might be
relevant for you since ubuntu core also uses lxd from snap)

--
Fajar
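
An added example, not part of the original message and not LXC or LXD code: a small Python audit that flags the confinement-removing settings shown in this thread, so an include like unrestricted.conf can be found again once the migration test is over. The function names and finding strings are hypothetical, and the sample input is the two files from the message, inlined.

```python
import re

# Constructed sample input: the two files from the message above, inlined.
LXC_CONF = """\
lxc.cap.drop =
lxc.apparmor.profile = unconfined
lxc.mount.auto = proc:rw sys:rw cgroup-full:rw
lxc.cgroup.devices.allow = c *:* rwm
lxc.cgroup.devices.allow = b *:* rwm
lxc.seccomp.profile = /var/snap/lxd/common/lxd/extra/unrestricted-seccomp.conf
"""
SECCOMP_PROFILE = """\
2
blacklist
# v2 allows comments after the second line, with '#' in first column,
# blacklist will allow syscalls by default
"""

# (key regex, value regex, finding) for settings that remove confinement.
CHECKS = [
    (r"lxc\.cap\.drop", r"", "lxc.cap.drop cleared (no capabilities dropped)"),
    (r"lxc\.apparmor\.profile", r"unconfined", "AppArmor unconfined"),
    (r"lxc\.mount\.auto", r".*\b(proc|sys|cgroup-full):rw\b.*", "proc/sys/cgroup mounted read-write"),
    (r"lxc\.cgroup2?\.devices\.allow", r"[abc]\s+\*:\*\s+\S*[wm]\S*", "all device nodes allowed"),
]

def seccomp_is_noop(text):
    """True for a version 2 blacklist-mode profile that lists no syscall rules."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 2 or lines[0] != "2":
        return False
    rules = [l for l in lines[2:] if not l.startswith("#")]
    return lines[1].split()[0] == "blacklist" and not rules

def audit(conf_text, seccomp_text=None):
    """Return sorted findings for an LXC config (and optional seccomp profile)."""
    findings = set()
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.lstrip().startswith("#"):
            continue  # not a key = value line, or commented out
        for key_re, val_re, msg in CHECKS:
            if re.fullmatch(key_re, key.strip()) and re.fullmatch(val_re, value.strip()):
                findings.add(msg)
    if seccomp_text is not None and seccomp_is_noop(seccomp_text):
        findings.add("seccomp profile filters nothing")
    return sorted(findings)
```

To use it on a real host, pass the text of the file named by `lxc.include` and, separately, the text of the file named by `lxc.seccomp.profile`.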