[systemd-devel] How to disable seccomp in systemd-nspawn?
Mohan R
mohan43u at gmail.com
Thu Jun 25 14:49:50 UTC 2020
Hi
On Thu, Jun 25, 2020 at 2:17 PM Lennart Poettering
<lennart at poettering.net> wrote:
> You can't disable seccomp right now.
Any future plan to include a flag or some other way?
> We implement a system call allow list, i.e. everything that isn't
> explicitly allowed is denied. You can use --system-call-filter=openat2
> to allow a specific syscall on top of our defaults, i.e. extend the
> allow list, or remove entries from it.
This '--system-call-filter' isn't working,
https://gist.github.com/mohan43u/6ed44eff564f10cc04c709772b02c323
Is this a bug in systemd-nspawn?
Thanks,
Mohan R