github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-22 05:28:25 +00:00
Code Issues Projects Releases Wiki Activity

FC: Removed redundant --seccomp-level jailer parameter

Browse Source 
Firecracker has removed redundant `--seccomp-level` jailer parameter
since it can be simply forwarded to the Firecracker executable using
"end of command options" convention.
Related PR: https://github.com/firecracker-microvm/firecracker/pull/1491
Since kata is just using default seccomp level for firecracker, here
then we just removed the setting for jailer.

Fixes: #2504

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
This commit is contained in:
Penny Zheng 2020-02-28 05:07:27 +00:00
parent d2cae59ec7
commit 2945bcd796
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
virtcontainers/fc.go
View File

@ -361,7 +361,6 @@ func (fc *firecracker) fcInit(timeout int) error {
jailedArgs := []string{ jailedArgs := []string{
"--id", fc.id, "--id", fc.id,
"--node", "0", //FIXME: Comprehend NUMA topology or explicit ignore "--node", "0", //FIXME: Comprehend NUMA topology or explicit ignore
"--seccomp-level", "2",
"--exec-file", fc.config.HypervisorPath, "--exec-file", fc.config.HypervisorPath,
"--uid", "0", //https://github.com/kata-containers/runtime/issues/1869 "--uid", "0", //https://github.com/kata-containers/runtime/issues/1869
"--gid", "0", "--gid", "0",