| *** harlowja has quit IRC | 00:00 | |
| *** marcoemorais has quit IRC | 00:18 | |
| *** marcoemorais has joined #openstack-containers | 00:18 | |
| *** marcoemorais has quit IRC | 00:19 | |
| *** marcoemorais has joined #openstack-containers | 00:19 | |
| *** praneshp has quit IRC | 00:25 | |
| *** coolsvap is now known as coolsvap|afk | 00:44 | |
| *** praneshp has joined #openstack-containers | 01:18 | |
| *** harlowja_ has quit IRC | 01:28 | |
| *** marcoemorais has quit IRC | 01:30 | |
| *** praneshp_ has joined #openstack-containers | 01:32 | |
| *** harlowja has joined #openstack-containers | 01:32 | |
| *** praneshp has quit IRC | 01:35 | |
| *** praneshp_ is now known as praneshp | 01:35 | |
| *** praneshp has quit IRC | 01:43 | |
| *** unicell has joined #openstack-containers | 01:55 | |
| *** tomblank has joined #openstack-containers | 02:20 | |
| *** jeckersb is now known as jeckersb_gone | 02:29 | |
| *** adrian_otto has joined #openstack-containers | 02:34 | |
| *** praneshp has joined #openstack-containers | 03:04 | |
| *** harlowja is now known as harlowja_away | 03:04 | |
| *** tomblank has quit IRC | 03:04 | |
| *** tomblank has joined #openstack-containers | 04:46 | |
| *** tomblank has quit IRC | 04:52 | |
| *** tomblank has joined #openstack-containers | 04:53 | |
| *** coolsvap|afk is now known as coolsvap | 05:19 | |
| *** amitpp has joined #openstack-containers | 05:31 | |
| *** adrian_otto has quit IRC | 05:35 | |
| *** amitpp has quit IRC | 05:42 | |
| *** praneshp_ has joined #openstack-containers | 05:47 | |
| *** praneshp has quit IRC | 05:49 | |
| *** praneshp_ is now known as praneshp | 05:49 | |
| *** praneshp has quit IRC | 07:01 | |
| *** julienvey has joined #openstack-containers | 08:35 | |
| *** julienvey has quit IRC | 08:36 | |
| *** julienvey has joined #openstack-containers | 08:52 | |
| *** julienvey has quit IRC | 09:21 | |
| *** julienvey has joined #openstack-containers | 09:22 | |
| *** julienvey has quit IRC | 09:26 | |
| *** julienvey has joined #openstack-containers | 09:51 | |
| *** julienvey has quit IRC | 09:53 | |
| *** julienvey has joined #openstack-containers | 09:53 | |
| *** unicell has quit IRC | 09:58 | |
| *** julienvey has quit IRC | 09:58 | |
| *** stannie has joined #openstack-containers | 10:11 | |
| *** tomblank has quit IRC | 10:24 | |
| *** tomblank has joined #openstack-containers | 10:24 | |
| *** amitpp has joined #openstack-containers | 10:28 | |
| *** unicell has joined #openstack-containers | 10:53 | |
| *** coolsvap is now known as coolsvap|afk | 11:11 | |
| *** julienvey has joined #openstack-containers | 11:33 | |
| *** adrian_otto has joined #openstack-containers | 11:45 | |
| *** adrian_otto has quit IRC | 11:54 | |
| *** amitpp has quit IRC | 12:19 | |
| *** amitpp has joined #openstack-containers | 12:19 | |
| *** amitpp has quit IRC | 12:22 | |
| erw | funzo: http://chdir.org/~nico/seccomp-nurse/ | 12:57 |
|---|---|---|
| *** amitpp has joined #openstack-containers | 12:58 | |
| erw | also: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/prctl/seccomp_filter.txt?id=HEAD | 12:59 |
| *** julim has joined #openstack-containers | 13:03 | |
| funzo | nice | 13:06 |
| erw | funzo: I’m thinking that’s the way to do mounts — and a variety of other cool things in containers safely | 13:07 |
| *** thomasem has joined #openstack-containers | 13:10 | |
| funzo | libseccomp is available, that's cool | 13:10 |
| funzo | erw: think we should execute the mount for them when they attach a device? | 13:11 |
| erw | funzo: no. | 13:12 |
| erw | funzo: although an emulated autofs might be an interesting hack. | 13:13 |
| erw | funzo: it’s not safe to execute the mount for them if they (ever) get RW to the block device. | 13:14 |
| *** adrian_otto has joined #openstack-containers | 13:15 | |
| erw | which I suppose is another concern | 13:15 |
| erw | adrian_otto: ping. Mailing list ;-) | 13:15 |
| erw | I’ll repeat for your convenience... | 13:16 |
| erw | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/prctl/seccomp_filter.txt?id=HEAD | 13:16 |
| erw | http://chdir.org/~nico/seccomp-nurse/ | 13:16 |
| erw | http://lists.openstack.org/pipermail/openstack-dev/2014-June/038654.html | 13:16 |
| erw | EOF | 13:16 |
| erw | also related to http://man7.org/linux/man-pages/man7/vdso.7.html | 13:18 |
| erw | basically - everything we need to circumvent the mount syscall and trap/handle it in userspace exists | 13:18 |
| *** jeckersb_gone is now known as jeckersb | 13:23 | |
| *** amitpp has quit IRC | 13:30 | |
| *** coolsvap|afk is now known as coolsvap | 13:43 | |
| *** tomblank has quit IRC | 13:46 | |
| *** PaulCzar has joined #openstack-containers | 14:12 | |
| *** julienvey has quit IRC | 14:50 | |
| *** julienvey has joined #openstack-containers | 14:52 | |
| *** julienvey has quit IRC | 14:56 | |
| *** ericgoncz has joined #openstack-containers | 15:04 | |
| *** adrian_otto has quit IRC | 15:09 | |
| *** adrian_otto has joined #openstack-containers | 15:35 | |
| *** julienvey has joined #openstack-containers | 15:52 | |
| *** praneshp has joined #openstack-containers | 16:14 | |
| *** julienvey has quit IRC | 16:37 | |
| *** PaulCzar has quit IRC | 16:56 | |
| *** adrian_otto has quit IRC | 17:07 | |
| *** harlowja_away is now known as harlowja | 17:13 | |
| *** marcoemorais has joined #openstack-containers | 17:42 | |
| *** PaulCzar has joined #openstack-containers | 17:46 | |
| *** coolsvap is now known as coolsvap|afk | 18:11 | |
| *** adrian_otto has joined #openstack-containers | 18:16 | |
| *** harlowja has quit IRC | 18:52 | |
| *** marcoemorais has quit IRC | 18:59 | |
| *** marcoemorais has joined #openstack-containers | 18:59 | |
| *** marcoemorais has quit IRC | 19:00 | |
| *** marcoemorais has joined #openstack-containers | 19:00 | |
| *** marcoemorais has quit IRC | 19:01 | |
| *** marcoemorais has joined #openstack-containers | 19:02 | |
| *** marcoemorais has quit IRC | 19:02 | |
| *** marcoemorais has joined #openstack-containers | 19:02 | |
| *** jeckersb is now known as jeckersb_gone | 19:39 | |
| *** jeckersb_gone is now known as jeckersb | 19:39 | |
| *** unicell has quit IRC | 19:57 | |
| *** PaulCzar has quit IRC | 20:06 | |
| *** PaulCzar has joined #openstack-containers | 20:25 | |
| *** ericgoncz has quit IRC | 20:27 | |
| *** marcoemorais has quit IRC | 20:48 | |
| *** julim has quit IRC | 21:16 | |
| *** jeckersb is now known as jeckersb_gone | 21:20 | |
| *** julim has joined #openstack-containers | 21:20 | |
| *** marcoemorais has joined #openstack-containers | 21:21 | |
| *** julim has quit IRC | 21:24 | |
| *** harlowja has joined #openstack-containers | 21:28 | |
| *** PaulCzar has quit IRC | 21:43 | |
| *** thomasem has quit IRC | 21:52 | |
| *** marcoemorais has quit IRC | 21:58 | |
| *** marcoemorais has joined #openstack-containers | 21:59 | |
| *** marcoemorais has quit IRC | 21:59 | |
| *** marcoemorais has joined #openstack-containers | 21:59 | |
| *** adrian_otto has quit IRC | 22:35 | |
| *** marcoemorais has quit IRC | 23:06 | |
| *** marcoemorais has joined #openstack-containers | 23:06 | |
| *** marcoemorais has quit IRC | 23:06 | |
| *** marcoemorais has joined #openstack-containers | 23:07 | |
| *** erw has quit IRC | 23:10 | |
| *** erw has joined #openstack-containers | 23:14 | |
| *** adrian_otto has joined #openstack-containers | 23:19 | |
| *** adrian_otto has quit IRC | 23:32 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!