Seccomp tangle

Hal Murray hmurray at megapathdsl.net
Wed May 27 11:08:00 UTC 2020


esr at thyrsus.com said:
> Aaarrgghhh.  It;s a huge pain in the ass and I wish it weren't interesting.
> But given our mission statememnnt, it has to be. 

Just to make sure we are on the same wavelength...

My question/proposal was not to drop seccomp if we didn't do what I sketched 
out.  It was to allow a slightly tighter/cleaner list of syscalls if you were 
willing to put in the work to collect the data.  The old merger of all 
syscalls ever seen on any system approach would still be the default if you 
enabled seccomp and didn't specify your own list.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list