[Blueprint server-o-lxc-sandboxing] Sandboxing for containers
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Jul 28 19:14:14 UTC 2011
Blueprint changed by Serge Hallyn:
Whiteboard changed:
Status: not yet started
The new candidate seccomp2 patch refuses execve, and is therefore not compatible with LXC. A general sandbox tool is still possible, and seccomp2 may later be extended to be usable with LXC.
Work Items:
[jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: TODO
- [serge-hallyn] Work with jjohansen/kees/upstream to design generic sandbox program: TODO
+ [serge-hallyn] Work with jjohansen/kees/upstream to design generic sandbox program: POSTPONED
[serge-hallyn] Propose design for lxc integration to lxc-dev: POSTPONED
[serge-hallyn] Implement prototype of lxc seccomp2 integration: POSTPONED
[serge-hallyn] Write testcases for lxc seccomp2 integration: POSTPONED
--
Sandboxing for containers
https://blueprints.launchpad.net/ubuntu/+spec/server-o-lxc-sandboxing
More information about the Ubuntu-server-bugs
mailing list