seccomp tangle

Hal Murray hmurray at megapathdsl.net
Mon Feb 24 12:41:11 UTC 2020


esr at thyrsus.com said:
[dropping seccomp]
> We're a security-focused product.  I don't think it would be good optics to
> drop a layer of defense just because it's a pain to maintain. 

Have you considered the lost opportunity cost?

This current approach of tossing everything in gives us bragging rights for
doing it, but not for doing it right.

I'm going to play with strace a bit.


> We don't have a good page on jails because I'm not experienced at setting
> them up and mostly other people don't initiate documenting things.

Don't the arguments for supporting seccomp apply to jails?

Is anybody on this list using jails/chroots?

"Jail" may not be the right term and/or may have a more specific meaning.

I think there is enough info out on the web that we should be able to figure 
out how to do it.



-- 
These are my opinions.  I hate spam.




