proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-14 13:38:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enable seccomp by default for unprivileged users.

Browse Source 
In contrast to what the comment above the line disabling it said,
it seems to work just fine.  It also is needed on current kernels
(until Eric's patch hits upstream) to prevent unprivileged containers
from hosing fuse filesystems they inherit.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Serge Hallyn 2014-12-19 18:23:52 +00:00 committed by Stéphane Graber
parent 6166fa6d83
commit 218f99322c
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/templates/userns.conf.in
View File

@ -13,7 +13,3 @@ lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
# Default seccomp policy is not needed for unprivileged containers, and
# non-root users cannot use seccmp without NNP anyway.
lxc.seccomp =