Anybody using seccomp? (MR 1316)

Hal Murray halmurray at sonic.net
Mon Apr 3 07:30:47 UTC 2023


Or interested in it?

I gave up a long time ago.  It was too fiddly.

James has split the list of syscalls out from a list built into the source 
(with a few ifdefs) to a text file.  I think we will need a file for each 
libc/kernel cross each hardware.  But I think that gets us the right syscalls.
Or at least, a lot closer than the current setup which is everything that we 
have ever needed.

We can probably get the list by running ntpd under strace and feeding the 
output through a script.

If nothing else, it will be an interesting experiment.

But I don't want to surprise anybody.

If nobody is using it, then it doesn't matter what the code does as long as it 
builds cleanly when not enabled.  We can ship something and let people play.

If we go this route, I think we should ship a set of files for each major 
distro.  That may turn into a lot of work.

If somebody is using it, we need to find out what distro/hardware they are 
running on.

So, anybody interested?


-- 
These are my opinions.  I hate spam.
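
The strace-to-list step mentioned in the message above, sketched as an added example that is not part of the original post or of the project's code. The function names, the constructed sample trace and the one-name-per-line output are assumptions; the format of the text file in MR 1316 is not shown on this page.

```python
import re

# Constructed sample in the style of `strace -f -o trace.txt` output
# (written for this example, not captured from a real ntpd run).
SAMPLE_TRACE = r'''
1234  execve("/usr/sbin/ntpd", ["ntpd", "-n"], 0x7ffd0 /* 12 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ntp.conf", O_RDONLY) = 3
1234  read(3, "server pool.example\n", 4096) = 20
1234  clock_adjtime(CLOCK_REALTIME, {modes=0}) = 0
1235  recvmsg(4,  <unfinished ...>
1234  pselect6(5, [4], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL <unfinished ...>
1235  <... recvmsg resumed>{msg_namelen=16}, 0) = 48
1234  <... pselect6 resumed>) = 1 (in [4])
1234  --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
1234  rt_sigreturn({mask=[]}) = 0
1234  exit_group(0) = ?
1234  +++ exited with 0 +++
'''

# Optional pid ("1234" or "[pid 1234]"), optional timestamp, then "name(".
CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:[\d:.]+\s+)?([a-z_][a-z0-9_]*)\(")
# Second half of a call that -f interleaving split across two lines.
RESUMED = re.compile(r"<\.\.\. ([a-z_][a-z0-9_]*) resumed>")


def syscalls_from_strace(text):
    """Return the set of syscall names that appear in strace output."""
    names = set()
    for line in text.splitlines():
        m = CALL.match(line) or RESUMED.search(line)
        if m:  # signal (---) and exit (+++) lines match neither pattern
            names.add(m.group(1))
    return names


def render_allowlist(names):
    """One name per line, sorted, so per-platform files diff cleanly."""
    return "".join(name + "\n" for name in sorted(names))


if __name__ == "__main__":
    print(render_allowlist(syscalls_from_strace(SAMPLE_TRACE)), end="")
```

A trace records only the code paths that ran, so a list built this way misses syscalls on paths the run never exercised, such as error handling.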




