This repository has been archived by the owner on May 12, 2021. It is now read-only.
Add seccomp support #104
Labels
Comments
|
Anyone working on this? I can take it up if no one has already. |
|
@sboeuf But this issue, kata-containers/osbuilder#28 says otherwise? |
|
The first bullet point, that is build the agent with specific flags has to happen here on the agent repo, but the second point about having |
egernst
added
enhancement
|
@sboeuf @egernst @jodh-intel : Hello Team, I am planning to take up seccomp support in Kata Containers. Any background discussions I need to know before I start on it. Any ideas? Thanks! :-) |
|
I think this thread is all you need to know 😄 |
jshachm
pushed a commit
to jshachm/agent
that referenced
this issue
Nov 22, 2018
Inorder to get runc/libcontainer/seccomp/seccomp_linux.go built in, build agent with seccomp tag. Fixes: kata-containers#104 Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In order to enable support for seccomp inside the VM, here is what we need:
Build the agent binary with the extra flag
-tags "seccomp", this needs to be added to the Makefile. For more details, look at https://github.com/opencontainers/runc/blob/master/libcontainer/seccomp/seccomp_unsupported.go#L1 vs https://github.com/opencontainers/runc/blob/master/libcontainer/seccomp/seccomp_linux.go#L1. Indeed, we needlinux,cgoandseccompto build the right file.Ensure the image used on the guest does include
libseccomp, otherwise we will end up with boot failure on the guest like this:The text was updated successfully, but these errors were encountered: