It is probably an architecture problem. seccomp is enabled in the kernel, and lxc-checkconfig shows everything enabled too, though there's no security in /sys/kernel. I managed to run containers when I told LXD to ignore the policy with "lxc profile set default raw.lxc lxc.seccomp=". I would like to write a policy for the ARM architecture. Any ideas?
On Mon, Apr 25, 2016 at 6:54 PM, Serge Hallyn <[email protected]> wrote:

> Quoting Muneeb Ahmad ([email protected]):
> ...
> > lxc 20160421151846.936 ERROR lxc_utils - utils.c:mkdir_p:253 - Permission denied - failed to create directory '/usr/lib/arm-linux-gnueabihf/lxc/sys/firmware/efi/'
> ...
> > lxc 20160421151846.937 ERROR lxc_utils - utils.c:mkdir_p:253 - Permission denied - failed to create directory '/usr/lib/arm-linux-gnueabihf/lxc/sys/fs/pstore'
> ...
> > lxc 20160421151846.938 ERROR lxc_utils - utils.c:mkdir_p:253 - Permission denied - failed to create directory '/usr/lib/arm-linux-gnueabihf/lxc/sys/kernel/security'
> > lxc 20160421101847.173 ERROR lxc_seccomp - seccomp.c:lxc_seccomp_load:615 - Error loading the seccomp policy
> > lxc 20160421151847.174 ERROR lxc_sync - sync.c:__sync_wait:52 - An error occurred in another process (expected sequence number 4)
>
> I question your kernel support. Those directories, especially
> /sys/kernel/security, should exist - you should be getting EEXIST not
> EPERM. The seccomp policy load could be an architecture related bug
> in lxc's code, but given your other errors seems just as likely to
> be lack of seccomp support in the kernel.
>
> What does lxc-checkconfig show?
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
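One way to narrow down the question raised in this thread (kernel support versus an LXC bug) is to check for seccomp filter mode specifically, not just seccomp. The script below is an added example, not part of the original messages or of LXC; the function names and the default file locations are assumptions.

```shell
#!/bin/sh
# Added example: checks for kernel seccomp *filter* support, which LXC needs
# to load a policy. File paths are parameters so the checks also work on a
# saved config; the defaults are the usual locations (an assumption).

kconfig_has() {   # kconfig_has <config-file> <CONFIG_NAME>: true if set to =y
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -q "^$2=y\$"
}

seccomp_config_status() {   # prints: filter | strict-only | no-seccomp | no-config
    [ -r "$1" ] || { echo "no-config"; return 2; }
    kconfig_has "$1" CONFIG_SECCOMP || { echo "no-seccomp"; return 1; }
    kconfig_has "$1" CONFIG_SECCOMP_FILTER || { echo "strict-only"; return 1; }
    echo "filter"
}

seccomp_runtime_mode() {   # reads the Seccomp: line of a /proc/<pid>/status file
    # 0 = off, 1 = strict, 2 = filter; the line is absent without CONFIG_SECCOMP
    mode=$(awk '$1 == "Seccomp:" { print $2 }' "${1:-/proc/self/status}" 2>/dev/null)
    echo "${mode:-absent}"
}

securityfs_mounted() {   # true if securityfs is mounted on /sys/kernel/security
    awk '$2 == "/sys/kernel/security" && $3 == "securityfs" { found = 1 }
         END { exit !found }' "${1:-/proc/mounts}"
}

seccomp_report() {
    cfg=/proc/config.gz
    [ -r "$cfg" ] || cfg="/boot/config-$(uname -r)"
    echo "kernel config ($cfg): $(seccomp_config_status "$cfg")"
    echo "Seccomp field in /proc/self/status: $(seccomp_runtime_mode)"
    if securityfs_mounted; then echo "securityfs: mounted"
    else echo "securityfs: not mounted"; fi
}

# Run as: sh seccomp-check.sh report
if [ "${1:-}" = "report" ]; then seccomp_report; fi
```

A result of "strict-only" means CONFIG_SECCOMP is set but CONFIG_SECCOMP_FILTER is not, in which case a filter policy cannot be loaded regardless of architecture.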
