Re: seccomp support [was: Testing chrony seccomp support]


On Tue, Jan 19, 2016, at 11:08 AM, Andrew Lutomirski wrote:

 
On Jan 19, 2016 7:41 AM, "Colin Walters" <walters@xxxxxxxxxx> wrote:
>
>
>
> On Tue, Jan 19, 2016, at 04:16 AM, Nikos Mavrogiannopoulos wrote:
>
> > The issue is that blacklists are terrible from a security standpoint.
> > That means that every new obscure system call added to the kernel will
> > be available by default in your program.
>
> https://github.com/seccomp/libseccomp/issues/11

One of these days I need to tidy up Sandstorm's seccomp policy and factor it into its own library.  It's made a good showing for itself over the last year or so, and it's highly compatible.

Yes,
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3
 
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
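
The point quoted above about blacklists, as an added example that is not from the thread or from any project mentioned in it: two seccomp-BPF filters built with the kernel's own macros, one blacklist-style (default allow) and one whitelist-style (default deny), evaluated against a syscall number neither policy knows. Assumptions: the syscall sets are illustrative, `FUTURE_NR` is a constructed number, and `run_filter` is a hypothetical user-space evaluator for just the opcodes used here, not kernel code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#define NR_OFF offsetof(struct seccomp_data, nr)
#define LEN(a) (sizeof(a) / sizeof((a)[0]))
#define FUTURE_NR 9999 /* constructed: a syscall added after the policy was written */

/* Blacklist: deny ptrace, allow the rest. (A real filter also checks seccomp_data.arch.) */
static const struct sock_filter blacklist[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ptrace, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
/* Whitelist: allow read, write, exit_group; everything else gets EPERM. */
static const struct sock_filter whitelist[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_read, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* User-space evaluator for the three cBPF opcodes used above; returns the seccomp action. */
static uint32_t run_filter(const struct sock_filter *f, size_t n, int nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: acc = (f[pc].k == NR_OFF) ? (uint32_t)nr : 0; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL; /* fell off the end: treat as deny */
}

int main(void)
{
    printf("blacklist, unknown syscall: %#x\n", (unsigned)run_filter(blacklist, LEN(blacklist), FUTURE_NR));
    printf("whitelist, unknown syscall: %#x\n", (unsigned)run_filter(whitelist, LEN(whitelist), FUTURE_NR));
    return 0;
}
```

The blacklist returns `SECCOMP_RET_ALLOW` for the unknown number while the whitelist returns `SECCOMP_RET_ERRNO | EPERM`; the only difference between the two outcomes is each filter's default action.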
