[systemd-devel] How to disable seccomp in systemd-nspawn?

Steve Dodd steved424 at gmail.com
Sun Aug 16 22:11:31 UTC 2020


On Sun, 16 Aug 2020 at 16:32, Steve Dodd <steved424 at gmail.com> wrote:

Ah, looks like we need to seccomp_attr_get(&ctx, SCMP_FLTATR_CTL_LOG, ..)
> somewhere for this to work. Not sure if that should be done
> unconditionally...
>

https://github.com/systemd/systemd/pull/16752 makes it conditional on an
environment variable, "SYSTEMD_LOG_SECCOMP", which seems neat enough.

I've tried to open a discussion about the ENOSYS handling in libseccomp at
https://github.com/seccomp/libseccomp/issues/286, but I'm probably not
being very coherent..

S.

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200816/7ed158dc/attachment.htm>


More information about the systemd-devel mailing list