Seccomp tangle

Hal Murray hmurray at megapathdsl.net
Tue May 26 06:42:00 UTC 2020


I've been experimenting with some code to allow custom scccomp lists.

The idea is to replace the --enable-seccomp configure option with
  --enable-seccomp=foo
and ntp_sandbox would include syscomp/foo.c which would be a list of syscalls 
used by this system.

I assume we would maintain a list for each OS/distro/version/hardware 
combination that we are interested in.  I have a few scripts that turn strace 
output into a list.  ...

Is this interesting?  If not, I'll drop it.

If yes, I'll need some help to work out the details.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list