Re: [systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-03-03 Thread Jay Faulkner
On Mar 3, 2015, at 8:55 AM, Topi Miettinen toiwo...@gmail.com wrote: On 03/03/15 01:28, Jay Faulkner wrote: Hey, Lennart reviewed this in IRC and suggested I refactor the change in this manner. Now, we have an array of capability:sys call pairs, and iterate through

Re: [systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-03-02 Thread Jay Faulkner
://github.com/jayofdoom/systemd/pull/5.patch. nspawn-seccomp-capabilities.patch Description: nspawn-seccomp-capabilities.patch Thanks all, Jay Faulkner On Feb 27, 2015, at 12:15 PM, Jay Faulkner j...@jvf.cc wrote: Hi all, My apologies if this is frowned upon, but this has been posted for a week and I haven’t

Re: [systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-02-27 Thread Jay Faulkner
configured, to perform system tasks (such as firmware and BIOS flashing). Thanks, Jay Faulkner On Feb 20, 2015, at 6:59 PM, Jay Faulkner j...@jvf.cc wrote: After some additional testing, I found a bug in this patch where it would not compile with seccomp disabled. I’ve updated

[systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-02-20 Thread Jay Faulkner
Description: refactor-nspawn-map-seccomp-to-capabilities.patch Thanks, Jay Faulkner On Feb 20, 2015, at 2:24 PM, Jay Faulkner j...@jvf.cc wrote: Hi all, Two weeks ago[1] I patched systemd-nspawn to respect CAP_SYS_MODULE with regards to setting seccomp filters. As I needed access to some

Re: [systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-02-20 Thread Jay Faulkner
: refactor-nspawn-map-seccomp-to-capabilities.patch On Feb 20, 2015, at 4:18 PM, Jay Faulkner j...@jvf.cc wrote: Hi all, At the suggestion (and with the assistance of) a co-worker, we remade this patch to not have quite as much repeated code. The new version is attached and can be found

[systemd-devel] [PATCH] nspawn: Map all seccomp filters to matching capabilities

2015-02-20 Thread Jay Faulkner
in transport as the last one did, feel free to get it directly from github here: https://github.com/jayofdoom/systemd/pull/3.patch. Thanks, Jay Faulkner nspawn-map-seccomp-to-capabilities.patch Description: nspawn-map-seccomp-to-capabilities.patch

Re: [systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Jay Faulkner
On Feb 3, 2015, at 3:52 PM, Lennart Poettering lenn...@poettering.net wrote: On Tue, 03.02.15 23:22, Jay Faulkner (j...@jvf.cc) wrote: Hi all, As I posted last week, a change merged a while ago to systemd-nspawn adding seccomp protections with no ability to enable/disable broke

[systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Jay Faulkner
this patch merged, so I’ll be able to upgrade and consume a newer systemd. Thanks, Jay Faulkner systemd-nspawn-seccomp-default-disable.patch Description: systemd-nspawn-seccomp-default-disable.patch ___ systemd-devel mailing list systemd-devel

[systemd-devel] systemd-nspawn support for loading kernel modules / custom seccomp rules

2015-01-29 Thread Jay Faulkner
BIOS flashing. Thanks in advance, Jay Faulkner [1] https://github.com/openstack/ironic-python-agent; relevant nspawn flags here: https://github.com/openstack/ironic-python-agent/blob/master/imagebuild/coreos/oem/cloud-config.yml#L40