seccomp tangle
Eric S. Raymond
esr at thyrsus.com
Sun Feb 23 11:29:37 UTC 2020
Hal Murray via devel <devel at ntpsec.org>:
> Should we drop secomp? It's a pain to maintain.
We're a security-focused prodict. I don't think it would be good optics
to drop a layer of defense just because it's a pain to maintain.
> How many people use it? Richard: do you turn it on for the Debian builds?
I have no idea hpw many people use it.
> How does seccomp compare to a jail? Why don't we have a good web page on how
> to setup and use a jail? Does systemd have a jail option? Does anybody run
> in a jail? ...
We don't have a good page on jails because I'm not experienced at setting them up
and mostly other people don't imotiate documenting things.
> Testing the version of the seccomp header file is probably cleaner than
> testing for Arch.
Agreed.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the devel
mailing list