seccomp tangle

[Hal Murray]

Richard said:
> I do not. It seems really fragile to me. A change in an underlying library
> can break a working binary, possibly only in some scenarios. That's scary. 

> It'd be safer (but still not completely safe) to enable if I had good (or
> any) "as installed" tests using Debian's autopkgtest, but I do not. 

All good points.  I've been wondering how to do that sort of testing.

With enough work and enough toys, I think I could setup a reasonably thorough 
automated test setup.  The idea is to actually run ntpd, feed the server side 
live traffic and let the client side generate traffic.  We would have to make 
a list of all the cases to test and figure out how to test them.  Things like 
send a HUP, unplug the ethernet, wait an hour for it to write some statistics.

For now, I'm doing it by hand.  It's not a long list.

In practice, I haven't seen the long tail that I've been looking for.  One 
thing in our favor is that ntpd isn't very complicated if you measure the 
cross section at the syscall plane.  The trick is that if we discover that we 
missed one, we have to figure out what caused it and add that to the 
what-to-do list when running in collect mode.

Having said that, I just discovered another item for the list.  Stepping the 
clock uses a timer call that isn't otherwise used.


-- 
These are my opinions.  I hate spam.