seccomp tangle
Richard Laager
rlaager at wiktel.com
Tue Feb 25 15:42:28 UTC 2020
On 2/23/20 4:59 AM, Hal Murray via devel wrote:
> Should we drop seccomp? It's a pain to maintain.

I wouldn't cry.

> How many people use it? Richard: do you turn it on for the Debian builds?

I do not. It seems really fragile to me. A change in an underlying
library can break a working binary, possibly only in some scenarios.
That's scary.

It'd be safer (but still not completely safe) to enable if I had good
(or any) "as installed" tests using Debian's autopkgtest, but I do not.

I'm open to enabling it, but it's also unclear how much benefit it
provides. What is it protecting the user from? How much value does it
add if I'm already using AppArmor?

--
Richard