On Wed, 7 Oct 2015 14:13:36 +0200 Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote: > On Wed, Oct 07, 2015 at 09:24:22AM +0200, Dan Horák wrote: > > On Mon, 5 Oct 2015 13:58:26 +0200 > > Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote: > > > > > In chrony 2.2-pre1 was added support for system call filtering > > > with the kernel seccomp facility. In chrony it's mainly useful to > > > reduce the damage from attackers who can execute arbitrary code, > > > e.g. prevent gaining the root privileges through a kernel > > > vulnerability. > > > > please keep in mind that libseccomp currently supports only limited > > set of architectures - > > http://pkgs.fedoraproject.org/cgit/libseccomp.git/tree/libseccomp.spec#n5 > > It will change (in Rawhide) after mainline kernel 4.3 release when > > s390 and ppc will become supported as well. > > The chrony spec should now follow that. Thanks. thanks, once the support lands in libseccomp, we (aka the secondary arch team) will be going over the packages that use libseccomp in buildroots and remove the exceptions Dan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
