seccomp and systemd

Gary E. Miller gem at rellim.com
Wed May 17 19:29:20 UTC 2017


Yo Daniele!

On Wed, 17 May 2017 11:47:06 -0600
Daniele Nicolodi via devel <devel at ntpsec.org> wrote:

> I just wanted to point out that systemd has the capability to install
> seccomp filters for the services it manages:

How could it possibly know what syscalls ntpd uses?

> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=

Well, from that link, it cannot.  So now we'd have to distribute a
large number of these filter files.  Filters that are very specific to
OS and libc versions.

And then, how can systemd know to change the filter file after
ntpd has dropped root and finished initialization?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin