[systemd-devel] How to disable seccomp in systemd-nspawn?

Lennart Poettering lennart at poettering.net
Fri Jun 26 16:29:08 UTC 2020


On Fr, 26.06.20 21:43, Mohan R (mohan43u at gmail.com) wrote:

> Hi
>
> On Fri, Jun 26, 2020 at 9:23 PM Lennart Poettering
> <lennart at poettering.net> wrote:
> > You might need a newer libseccomp so that the syscall is actually
> > known by it. openat2 is a very recent syscall addition, and you need
> > to update libseccomp in lockstep if you want it to grok it.
>
> Thanks for the details, I'll look into it. Anyway, is there any
> specific reason for not providing an option to disable seccomp (or
> make seccomp opt-in instead of default)?

No one asked for this, and it's a bit hacky to do this.

That said, I'd merge a patch that would make it optional, depending on
some env var being set. (env vars are how we make the stuff
configurable in nspawn we don't really want people to use).

Lennart

--
Lennart Poettering, Berlin

