Enable seccomp by default for unprivileged users.

In contrast to what the comment above the line disabling it said, it seems to work just fine. It also is needed on current kernels (until Eric's patch hits upstream) to prevent unprivileged containers from hosing fuse filesystems they inherit. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Enable seccomp by default for unprivileged users.
218f9932 · Serge Hallyn · Stéphane Graber · 6166fa6d · 218f9932
Commit 218f9932 authored Dec 19, 2014 by Serge Hallyn Committed by Stéphane Graber Dec 19, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 4 deletions

userns.conf.in config/templates/userns.conf.in +0 -4

No files found.
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -13,7 +13,3 @@ lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
 lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
 lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
 lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0
-
-# Default seccomp policy is not needed for unprivileged containers, and
-# non-root users cannot use seccmp without NNP anyway.
-lxc.seccomp =