Anybody using seccomp? (MR 1316)
halmurray at sonic.net
Mon Apr 3 07:30:47 UTC 2023
Or interested in it?
I gave up a long time ago. It was too fiddly.
James has split the list of syscalls out from a list built into the source
(with a few ifdefs) to a text file. I think we will need a file for each
libc/kernel cross each hardware. But I think that gets us the right syscalls.
Or at least, a lot closer then the current setup which is everything that we
have ever needed.
We can probably get the list by running ntpd under strace and feeding the
output through a script.
If nothing else, it will be an interesting experiment.
But I don't want to surprise anybody.
If nobody is using it, then it doesn't matter what the code does as long as it
builds cleanly when not enabled. We can ship something and let people play.
If we go this route, I think we should ship a set of files for each major
distro. That may turn into a lot of work.
If somebody is using it, we need to find out what distro/hardware they are
So, anybody interested?
These are my opinions. I hate spam.
More information about the devel