Changes in common.seccomp

Changes in common.seccomp http://src.iws.cs.ovgu.de/source/rss/lxc/config/templates/common.seccomp en Copyright 2005 Java seccomp: add rule to reject umount -f If a container has a bind mount from a host nfs or fuse filesystem, and does 'umount -f', it will disconnect the host's filesystem. This patch adds a seccomp rule to block umount -f from a container. It also adds that rule to the default seccomp profile. Thanks stgraber for the idea :) Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com> /lxc/config/templates/common.seccomp - 6166fa6d83b23e86a24cc2ab5cfe780fccb0a709 Serge Hallyn <serge.hallyn@ubuntu.com> Enable default seccomp profile for all distros This updates the common config to include Serge's seccomp profile by default for privileged containers. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> /lxc/config/templates/common.seccomp - 6e39e4cbff5d49b4a66451696aa87b9884f58a6e Stéphane Graber <stgraber@ubuntu.com>