]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: de60a7f) | patch
confile: add lxc.seccomp.allow_nesting 2771/head
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 7 Jan 2019 14:10:52 +0000 (15:10 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 7 Jan 2019 14:34:08 +0000 (15:34 +0100)
commit50d86993a7d6bf913372e0514fc491ea49ebdc5c
tree443aac3efa28c5ca7439b3bea595f67077c40c06tree
parentde60a7fe1c5260d4e862656c3a9090ad529d028dcommit | diff
confile: add lxc.seccomp.allow_nesting

This adds the lxc.seccomp.allow_nesting api extension. If
lxc.seccomp.allow_nesting is set to 1 then seccomp profiles will be
stacked. This way nested containers can load their own seccomp policy on
top of the policy that the outer container might have applied.

Cc: Simon Fels <simon.fels@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
doc/lxc.container.conf.sgml.in diff | blob | blame | history
src/lxc/api_extensions.h diff | blob | blame | history
src/lxc/conf.h diff | blob | blame | history
src/lxc/confile.c diff | blob | blame | history
src/lxc/seccomp.c diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git