This repository was archived by the owner on May 12, 2021. It is now read-only.
This repository was archived by the owner on May 12, 2021. It is now read-only.
vsyscall support? #498
Description
Right now the kata guest kernel does not provide vsyscall support and it causes failures to run some old images like centos:6. Do we want to support these legacy images? That would require vsyscall support in the guest kernel and it as documented in kernel doc has some security concerns:
│ CONFIG_LEGACY_VSYSCALL_EMULATE: │
│ │
│ The kernel traps and emulates calls into the fixed │
│ vsyscall address mapping. This makes the mapping │
│ non-executable, but it still contains known contents, │
│ which could be used in certain rare security vulnerability │
│ exploits. This configuration is recommended when userspace │
│ still uses the vsyscall area. │
│ │
│ │
│ Symbol: LEGACY_VSYSCALL_EMULATE [=y] │
│ Type : bool │
│ Prompt: Emulate │
│ Location: │
│ -> Processor type and features │
│ -> vsyscall table for legacy applications (<choice> [=y]) │
│ Defined at arch/x86/Kconfig:2313 │
│ Depends on: <choice>