Replies: 5 comments
-
I set these syscalls. Is there any syscall that affects podman?

    "syscalls": [
      {
        "names": [
          "bind",
          "close",
          "connect",
          "setsockopt",
          "fcntl",
          "_exit",
          "exit_group",
          "getpeername"
        ],
        "action": "SCMP_ACT_NOTIFY"
      }
    ]
-
Yes, close surely affects the OCI runtime, as well as exit. Does it work if you don't override the seccomp profile?
-
Yes, it works when I don't override the seccomp profile or delete all syscalls that I set.
-
Is there any other syscall that affects OCI below?

    "bind",
    "close",
    "connect",
    "setsockopt",
    "fcntl",
    "_exit",
    "exit_group",
    "getpeername"
-
That's runtime specific. crun might use fewer syscalls than runc.
-
podman run -it --rm --security-opt seccomp=$HOME/seccomp.json --runtime=runc iperf3 -s
When I execute this command, I found that it would always be stuck here.
Maybe it’s because my user-mode decision program is not started?
Is there a way to make the decision program start after podman creates the container process?
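As an added illustration (not code from this thread or from podman), the following Python check reads a seccomp profile, lists the syscalls routed to SCMP_ACT_NOTIFY, marks those the reply above names as used by the OCI runtime itself, and reports whether the profile sets `listenerPath`, the OCI runtime-spec field for the socket that receives the notification fd. The sample profile is constructed from the first post; `defaultAction`, the function name, and counting `_exit`/`exit_group` as the "exit" mentioned in the reply are assumptions.

```python
import json

# Syscalls the reply in this thread names as needed by the OCI runtime itself
# ("close ... as well as exit"); mapping "exit" to these names is an assumption.
RUNTIME_NAMED_IN_THREAD = {"close", "exit", "_exit", "exit_group"}

# Constructed sample: the rule from the first post, wrapped in a minimal profile.
# defaultAction is an assumed value; the post shows only the "syscalls" entry.
SAMPLE_PROFILE = """
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": ["bind", "close", "connect", "setsockopt", "fcntl",
                "_exit", "exit_group", "getpeername"],
      "action": "SCMP_ACT_NOTIFY"
    }
  ]
}
"""


def audit_notify(profile_text):
    """Return findings for SCMP_ACT_NOTIFY rules in a seccomp profile."""
    profile = json.loads(profile_text)
    notified = []
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_NOTIFY":
            continue
        # Accept both the "names" list and a single "name" key.
        names = list(rule.get("names", []))
        if "name" in rule:
            names.append(rule["name"])
        notified.extend(names)
    default_notify = profile.get("defaultAction") == "SCMP_ACT_NOTIFY"
    return {
        "notified": sorted(set(notified)),
        "runtime_risk": sorted(set(notified) & RUNTIME_NAMED_IN_THREAD),
        # "listenerPath" is the OCI runtime-spec field naming the socket that
        # receives the seccomp notify fd for the supervisor program.
        "missing_listener": bool(notified or default_notify)
        and not profile.get("listenerPath"),
    }


if __name__ == "__main__":
    for key, value in audit_notify(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```

Because the set of syscalls a runtime needs is runtime specific, as the reply notes, `RUNTIME_NAMED_IN_THREAD` covers only the names mentioned here and should be extended for the runtime in use.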