config-linux: support seccomp flags #1018

Merged (1 commit) on Sep 11, 2019

giuseppe (Member) commented Sep 9, 2019

Allow specifying what flags must be passed to seccomp(2) when installing the filter.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

giuseppe (Member, Author) commented Sep 9, 2019

CC @mrunalp @vbatts

rhatdan (Contributor) commented Sep 9, 2019

@caniszczyk @crosbymichael @dqminh @hqhq @mrunalp @philips @tianon @vbatts @vishh PTAL

A couple of reasons for these changes:

We are working on generating seccomp rules per container, and would like to be able to see missing syscalls in the audit.log.

People are not using SECCOMP separation, because it hurts performance by turning on the spectre/meltdown mitigations by default. People who want performance could still use seccomp if we did not turn on the mitigation by default.

crosbymichael (Member) commented Sep 10, 2019

LGTM

Approved with PullApprove

hqhq (Contributor) commented Sep 11, 2019

LGTM

Approved with PullApprove
