[Blueprint servercloud-p-lxc-sandboxing] Sandboxing for containers

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jan 10 21:06:13 UTC 2012


Blueprint changed by Serge Hallyn:

Whiteboard changed:
  Status: not yet started
  The seccomp2 patch in the oneiric kernel supports execve, but is not yet upstream.  There is a minijail0 POC general sandbox tool which works on precise and could be packaged.  LXC support for seccomp2 should be possible.
  
  Work Items:
  [jjohansen] Get seccomp2 into ubuntu kernel or ppa for testing: DONE
- [serge-hallyn] Package minijail0: TODO
- [serge-hallyn] Send POC of lxc integration to lxc-dev: TODO
- [serge-hallyn] Write testcases for lxc seccomp2 integration: TODO
+ [serge-hallyn] First review of new approach: DONE
+ [serge-hallyn] Lkml review of new approach: TODO
+ [serge-hallyn] Package minijail0: POSTPONED
+ [serge-hallyn] Send POC of lxc integration to lxc-dev: POSTPONED
+ [serge-hallyn] Write testcases for lxc seccomp2 integration: POSTPONED
+ 
+ Comments:
+ A patch with a new approach is being worked on.  As such, the
+ previously planned work items do not make sense for this cycle
+ and have been marked POSTPONED.

-- 
Sandboxing for containers
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc-sandboxing


