[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Dec 19 17:35:36 UTC 2011
Blueprint changed by Serge Hallyn:
Whiteboard changed:
Status: not yet started
The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream. There is a minijail0 POC general sandbox tool which works on precise and could be packaged. LXC support for seccomp2 should be possible.
Work Items:
[jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: DONE
[serge-hallyn] Package minijail0: TODO
- [serge-hallyn] Propose design for lxc integration to lxc-dev: TODO
- [serge-hallyn] Implement prototype of lxc seccomp2 integration: TODO
+ [serge-hallyn] Send POC of lxc integration to lxc-dev: TODO
[serge-hallyn] Write testcases for lxc seccomp2 integration: TODO
--
Sandboxing for containers
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc-sandboxing
More information about the Ubuntu-server-bugs
mailing list