[systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Jay Faulkner
Hi all, As I posted last week, a change merged a while ago to systemd-nspawn adding seccomp protections with no ability to enable/disable broke the Ironic Python Agent ramdisk which utilizes CoreOS and systemd. The attached patch makes the behavior optional, with it defaulting to disabled. I di

Re: [systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Brandon Philips
For context this puts a toggle on this feature added to nspawn: http://cgit.freedesktop.org/systemd/systemd/commit/?id=28650077f36466d9c5ee27ef2006fae3171a2430 I encouraged Jay to make it an opt-in flag so as to not break other people who had working setups when using nspawn as a minimal ns wrappe

Re: [systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Lennart Poettering
On Tue, 03.02.15 23:22, Jay Faulkner (j...@jvf.cc) wrote: > Hi all, > > As I posted last week, a change merged a while ago to systemd-nspawn > adding seccomp protections with no ability to enable/disable broke > the Ironic Python Agent ramdisk which utilizes CoreOS and > systemd. The attached pat

Re: [systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-03 Thread Jay Faulkner
> On Feb 3, 2015, at 3:52 PM, Lennart Poettering wrote: > > On Tue, 03.02.15 23:22, Jay Faulkner (j...@jvf.cc) wrote: > >> Hi all, >> >> As I posted last week, a change merged a while ago to systemd-nspawn >> adding seccomp protections with no ability to enable/disable broke >> the Ironic Pyth

Re: [systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

2015-02-04 Thread Lennart Poettering
On Wed, 04.02.15 02:21, Jay Faulkner (j...@jvf.cc) wrote: > > I am not particularly fond of the idea of adding a completely new > > command line option for this though. Maybe we can find another way for > > this. > > > > For example, one option could be to split the seccomp syscall > > blacklist
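As an added example, not code from systemd-nspawn, CoreOS or the patch discussed in this thread: what a "seccomp syscall blacklist" of the kind nspawn installs amounts to in practice. The program builds a raw classic-BPF filter that checks the architecture, denies a list of syscalls with EPERM and allows everything else, evaluates that filter in user space so it can be checked before being installed, and installs it with prctl() only when asked to. The blacklist contents (kexec_load, swapon, swapoff), the `--seccomp` flag, the EPERM-rather-than-kill verdict and all function names are assumptions made for this example; nspawn's actual list is in the commit linked above and is not reproduced here.

```c
/* Added example (not systemd-nspawn's code): a seccomp syscall blacklist as a
 * raw BPF program, checked in user space, then optionally installed. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL /* older headers */
#endif
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define THIS_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Assumed blacklist for illustration only; nspawn's real list is in the
 * linked commit. Guarded so the example builds on arches lacking an entry. */
static const int blacklist[] = {
#ifdef __NR_kexec_load
    __NR_kexec_load,
#endif
#ifdef __NR_swapon
    __NR_swapon,
#endif
#ifdef __NR_swapoff
    __NR_swapoff,
#endif
};
#define N_BLACKLIST (sizeof blacklist / sizeof blacklist[0])
#define MAX_INSNS (5 + 2 * 64)
/* Assumed policy: a blacklisted call fails with EPERM instead of killing the
 * process, so a container keeps running and the refusal is visible. */
#define DENY_ACTION (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

static struct sock_filter prog[MAX_INSNS];

static void emit(size_t *i, __u16 code, __u8 jt, __u8 jf, __u32 k)
{
    prog[(*i)++] = (struct sock_filter){ .code = code, .jt = jt, .jf = jf, .k = k };
}

/* Layout: load arch; kill if it is not ours (a filter that skips this check
 * can be bypassed via the compat syscall table); load nr; for each entry
 * "jeq nr ? deny : next"; finally allow. Returns the instruction count, or 0
 * if the list does not fit. */
size_t build_blacklist_filter(const int *nrs, size_t n)
{
    size_t i = 0;
    if (5 + 2 * n > MAX_INSNS)
        return 0;
    emit(&i, BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, arch));
    emit(&i, BPF_JMP | BPF_JEQ | BPF_K, 1, 0, THIS_ARCH);
    emit(&i, BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL_PROCESS);
    emit(&i, BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < n; j++) {
        emit(&i, BPF_JMP | BPF_JEQ | BPF_K, 0, 1, (__u32)nrs[j]);
        emit(&i, BPF_RET | BPF_K, 0, 0, DENY_ACTION);
    }
    emit(&i, BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW);
    return i;
}

/* Evaluator for just the cBPF subset the builder emits (LD abs word, JEQ
 * immediate, RET immediate), so the policy can be tested without installing
 * it. Returns the SECCOMP_RET_* value the kernel would apply. */
__u32 filter_verdict(size_t n, __u32 arch, int nr)
{
    struct seccomp_data d;
    __u32 acc = 0;
    memset(&d, 0, sizeof d);
    d.arch = arch;
    d.nr = nr;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *f = &prog[pc];
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + f->k, sizeof acc);
        else if (f->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f->k) ? f->jt : f->jf; /* target = pc + 1 + offset */
        else if (f->code == (BPF_RET | BPF_K))
            return f->k;
        else
            return SECCOMP_RET_KILL_PROCESS; /* opcode we never emit */
    }
    return SECCOMP_RET_KILL_PROCESS; /* ran off the end: invalid program */
}

/* The step the patch makes optional. no_new_privs is required unless the
 * caller holds CAP_SYS_ADMIN; the filter is inherited by children. */
int install_filter(size_t n)
{
    struct sock_fprog fp = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

int main(int argc, char **argv)
{
    int want = argc > 1 && strcmp(argv[1], "--seccomp") == 0; /* assumed flag, off by default */
    size_t n = build_blacklist_filter(blacklist, N_BLACKLIST);
    if (n == 0)
        return 1;
    printf("%zu instructions; first blacklisted nr -> %s\n", n,
           filter_verdict(n, THIS_ARCH, blacklist[0]) == DENY_ACTION ? "EPERM" : "allow");
    if (want && install_filter(n) != 0) {
        perror("prctl(PR_SET_SECCOMP)");
        return 1;
    }
    errno = 0;
    if (syscall(blacklist[0], 0, 0) < 0) /* EPERM under the filter, else the call's own error */
        printf("nr %d: %s\n", blacklist[0], strerror(errno));
    return 0;
}
```

Run it without arguments and the blacklist is built and checked but never installed, which is the default the patch proposes; with `--seccomp` the filter is applied to the running process and the first blacklisted call fails with EPERM. The user-space evaluator is what makes a filter like this reviewable: it lets a policy be asserted against (denied, allowed, wrong-architecture) before it is ever loaded into the kernel.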