On Mon, Sep 21, 2020 at 7:26 PM Jann Horn <jannh@xxxxxxxxxx> wrote: > > In the initial RFC patch I only added to x86. I could add it to any > > arch that has seccomp filters. Though, I'm wondering, why is SECCOMP > > in the arch-specific Kconfigs? > > Ugh, yeah, the existing code is already bad... as far as I can tell, > SECCOMP shouldn't be there, and instead the arch-specific Kconfig > should define something like HAVE_ARCH_SECCOMP and then arch/Kconfig > would define SECCOMP and let it depend on HAVE_ARCH_SECCOMP. It's > really gross how the SECCOMP config description has been copypasted > into a dozen different Kconfig files; and looking around a bit, you > can actually see that e.g. s390 has an utterly outdated help text > which still claims that seccomp is controlled via the ancient > "/proc/<pid>/seccomp". I guess this very nicely illustrates why > putting such options into arch-specific Kconfig is a bad idea. :P Ah, time to fix this then. YiFei Zhu _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
