Is it time to drop seccomp?

Achim Gratz Stromeko at nexgo.de
Wed Feb 13 17:44:49 UTC 2019


Richard Laager via devel writes:
> FWIW, I don't enable seccomp in the Debian package. It seems like a lot
> of risk of breakage. We have an Apparmor policy, from Novell/SUSE by way
> of Ubuntu for the ntp (NTP Classic) package.

Just a word of caution: this AppArmor policy is geared towards an NTP
client and you will need to do some (poorly documented) configuration
changes when configuring a server so the adaemon can get at the device
files for the refclock.  The default NTP statistics directory should now
be allowed to be written by the daemon if you use the version from
Factory/Tumbleweed.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds



More information about the devel mailing list