]> glassweightruler.freedombox.rocks Git - waydroid.git/blobdiff - data/configs/config_2
projects / waydroid.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
A seccomp profile for the entire container has been added.
[waydroid.git] / data / configs / config_2
diff --git a/data/configs/config_2 b/data/configs/config_2
index 172e1e7bfc11f2df6c1d6d54c213a7d845b77042..34537ecd674ff20cfa2936f07bb00c3d8199444d 100644 (file)
--- a/data/configs/config_2
+++ b/data/configs/config_2
@@ -6,6 +6,8 @@ lxc.arch = LXCARCH
 lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.apparmor.profile = unconfined
+lxc.seccomp.profile = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
+lxc.seccomp.allow_nesting = 1
 
 lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
 lxc.no_new_privs = 1
https://github.com/waydroid/waydroid