Seccomp tangle

Gary E. Miller gem at
Wed May 27 01:28:10 UTC 2020

Yo Hal!

On Tue, 26 May 2020 18:23:55 -0700
Hal Murray via devel <devel at> wrote:

> I was thinking of putting the individual lists in ntpd/seccomp/
> with something like
>   #include "seccomp/foo.c"
> in ntp_sandbox.

Why not just load a text file at runtime during startup?

seccomp does not protect against hacked binary or config files.  It
protects against runtime exploits.  So no added attack surface by
using a config file.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list