Quoting Christian Brauner (christian.brau...@mailbox.org):
> On Wed, Dec 02, 2015 at 10:42:36PM +, Serge Hallyn wrote:
> > Generally we enforce that a [arch] seccomp section can only be used on
> > [arch].
> > However, on amd64 we allow [i386] sections for i386 containers, and there we
> > als
On Wed, Dec 02, 2015 at 10:42:36PM +, Serge Hallyn wrote:
> Generally we enforce that a [arch] seccomp section can only be used on [arch].
> However, on amd64 we allow [i386] sections for i386 containers, and there we
> also take [all] sections and apply them for both 32- and 64-bit.
>
> Do th
On Wed, Dec 02, 2015 at 10:42:36PM +, Serge Hallyn wrote:
> Generally we enforce that a [arch] seccomp section can only be used on [arch].
> However, on amd64 we allow [i386] sections for i386 containers, and there we
> also take [all] sections and apply them for both 32- and 64-bit.
>
> Do th
Generally we enforce that a [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.
Do that also for ppc64 and arm64. This allows seccomp-protected armhf
contai