lxc 1.0.0.beta1 seccomp example

seccomp-example.sh

$ cat seccomp-example.sh
#! /usr/bin/env bash

cat << EOF > /tmp/config
lxc.seccomp = /tmp/whitelist
EOF
cat << EOF > /tmp/whitelist
1
whitelist
0
1
EOF
echo "Executing lxc instance:"
cmd="sudo lxc-execute -n echo-test -f /tmp/config -l DEBUG -o /tmp/lxc.log -- cat /etc/hostname"
echo $cmd
echo `${cmd}`

echo "Debug output:"
cat /tmp/lxc.log
rm /tmp/config
touch /tmp/config
#rm /tmp/whitelist
sudo rm /tmp/lxc.log

echo
echo "Executing lxc instance:"
echo $cmd
echo `${cmd}`
echo "Debug output:"
cat /tmp/lxc.log

sudo rm /tmp/lxc.log


OUTPUT
======

$ ./seccomp-example.sh 
Executing lxc instance:
sudo lxc-execute -n echo-test -f /tmp/config -l DEBUG -o /tmp/lxc.log -- cat /etc/hostname
lxc-execute: Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
lxc-execute: Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
lxc-execute: Failed to find an lxc-init
lxc-execute: invalid sequence number 1. expected 4
lxc-execute: failed to spawn 'echo-test'

Debug output:
    lxc-execute 1392201301.960 INFO     lxc_lsm - LSM security driver nop
    lxc-execute 1392201301.960 DEBUG    lxc_start - sigchild handler set
    lxc-execute 1392201301.960 INFO     lxc_console - no console for lxc-execute.
    lxc-execute 1392201301.960 INFO     lxc_start - 'echo-test' is initialized
    lxc-execute 1392201301.966 DEBUG    lxc_start - Not dropping cap_sys_boot or watching utmp

    lxc-execute 1392201301.966 ERROR    lxc_cgroup - Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
    lxc-execute 1392201301.968 ERROR    lxc_cgroup - Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
    lxc-execute 1392201301.971 DEBUG    lxc_conf - Set exec command to cat

    lxc-execute 1392201301.971 DEBUG    lxc_conf - capabilities have been setup
    lxc-execute 1392201301.971 NOTICE   lxc_conf - 'echo-test' is setup.
    lxc-execute 1392201301.971 ERROR    lxc_execute - Failed to find an lxc-init
    lxc-execute 1392201301.972 ERROR    lxc_sync - invalid sequence number 1. expected 4
    lxc-execute 1392201301.973 ERROR    lxc_start - failed to spawn 'echo-test'

Executing lxc instance:
sudo lxc-execute -n echo-test -f /tmp/config -l DEBUG -o /tmp/lxc.log -- cat /etc/hostname
lxc-execute: Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
lxc-execute: Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
yama
Debug output:
    lxc-execute 1392201302.013 INFO     lxc_lsm - LSM security driver nop
    lxc-execute 1392201302.013 DEBUG    lxc_start - sigchild handler set
    lxc-execute 1392201302.013 INFO     lxc_console - no console for lxc-execute.
    lxc-execute 1392201302.013 INFO     lxc_start - 'echo-test' is initialized
    lxc-execute 1392201302.020 DEBUG    lxc_start - Not dropping cap_sys_boot or watching utmp

    lxc-execute 1392201302.020 ERROR    lxc_cgroup - Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
    lxc-execute 1392201302.022 ERROR    lxc_cgroup - Device or resource busy - failed to set memory.use_hiararchy to 1; continuing
    lxc-execute 1392201302.061 DEBUG    lxc_conf - Set exec command to cat

    lxc-execute 1392201302.061 DEBUG    lxc_conf - capabilities have been setup
    lxc-execute 1392201302.061 NOTICE   lxc_conf - 'echo-test' is setup.
    lxc-execute 1392201302.061 NOTICE   lxc_execute - exec'ing 'cat'
    lxc-execute 1392201302.062 NOTICE   lxc_execute - 'cat' started with pid '7508'
    lxc-execute 1392201302.062 INFO     lxc_console - no console for lxc-execute.
    lxc-execute 1392201302.062 WARN     lxc_start - invalid pid for SIGCHLD
    lxc-execute 1392201302.072 DEBUG    lxc_start - container init process exited
    lxc-execute 1392201302.072 INFO     lxc_conf - running to reset 0 nic names