[systemd-devel] [PATCH] Make seccomp protections in systemd-nspawn optional

Jay Faulkner jay at jvf.cc
Tue Feb 3 15:22:18 PST 2015


Hi all,

As I posted last week, a change merged a while ago to systemd-nspawn adding seccomp protections with no ability to enable/disable broke the Ironic Python Agent ramdisk, which utilizes CoreOS and systemd. The attached patch makes the behavior optional, with it defaulting to disabled. I did this for two reasons; the first being that my (and other consumers of OpenStack Ironic) use case was broken, as would anyone else's using nspawn in this manner. Additionally, seccomp filters can be configured specifically as desired in the unit file.

I appreciate your time and effort in getting this patch merged, so I’ll be able to upgrade and consume a newer systemd.

Thanks,
Jay Faulkner



-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-nspawn-seccomp-default-disable.patch
Type: application/octet-stream
Size: 4917 bytes
Desc: systemd-nspawn-seccomp-default-disable.patch
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150203/71a6ece5/attachment.obj>
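The remark above that seccomp filters "can be configured specifically as desired in the unit file" refers to systemd's SystemCallFilter= directive on the service that launches the container. The drop-in below is an added example, not part of the post or of the attached patch; the container name, the drop-in path and the particular syscalls listed are illustrative assumptions. Because a seccomp filter is inherited across fork() and execve(), a filter set on the systemd-nspawn@ unit applies to every process started inside the container, which is what makes it a substitute for nspawn's built-in filter.

```ini
# Added example (not from the original post or the attached patch).
# Drop-in for the systemd-nspawn@.service template, e.g.
#   /etc/systemd/system/systemd-nspawn@mycontainer.service.d/seccomp.conf
# "mycontainer" and the syscall list below are assumptions for illustration.
[Service]
# Denylist form ("~"): every system call is allowed except those listed.
# Inherited by all processes inside the container, not only by nspawn itself.
SystemCallFilter=~kexec_load swapon swapoff init_module finit_module delete_module iopl ioperm
# Fail the call with EPERM instead of killing the process with SIGSYS,
# so a container payload that probes for these calls degrades rather than dies.
SystemCallErrorNumber=EPERM
```

After `systemctl daemon-reload`, `systemctl show -p SystemCallFilter systemd-nspawn@mycontainer.service` shows the effective filter. Syscall names must be spelled as the kernel exports them on the host's architecture; an allowlist form (no leading `~`) is also possible but needs the full set of calls the container's init and workload use, which is why a denylist of clearly privileged calls is the usual starting point.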

