seccomp tangle

Richard Laager rlaager at wiktel.com
Tue Feb 25 15:42:28 UTC 2020


On 2/23/20 4:59 AM, Hal Murray via devel wrote:
> Should we drop seccomp?  It's a pain to maintain.

I wouldn't cry.

> How many people use it?  Richard: do you turn it on for the Debian builds?

I do not. It seems really fragile to me. A change in an underlying
library can break a working binary, possibly only in some scenarios.
That's scary.

It'd be safer (but still not completely safe) to enable if I had good
(or any) "as installed" tests using Debian's autopkgtest, but I do not.

I'm open to enabling it, but it's also unclear how much benefit it
provides. What is it protecting the user from? How much value does it
add if I'm already using AppArmor?

-- 
Richard
