On 3/21/20 11:18 PM, Michael Schmitz wrote:
Am 21.03.2020 um 11:59 schrieb John Paul Adrian Glaubitz:
On 3/20/20 11:49 PM, Finn Thain wrote:
I suspect (without evidence) that many m68k systems are actually virtual
machines. And the need for container hosting on m68k seems negligible.
It isn't about security. It's about being able to build more packages
as some packages have started to make libseccomp support mandatory.
Is there a good technical reason for this decision? I suppose most of these packages are not about VM or container hosting?
I don't know but I don't think I have a good case arguing against that
as multiple upstream projects are using it.
What about checking at runtime for availability of the library, and disabling VM related functionality if it wasn't possible to load?
In the event that kernel support can't be avoided: I suppose there a git commit for Helge's hppa changes that would help gauge the effort required for implementing such support?
It doesn't seem to be much that's necessary:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c90f06943e05519a87140dc407cf589c220aeedf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=910cd32e552ea09caa89cdbe328e468979b030dd
Other architectures are similarly minimal:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8855d608c145c1ca0e26f4da00741080bb49d80d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d218af78492a36a4ae607c08fedfb59258440314
So, I think it's feasible to add minimal seccomp support for m68k.
PS: I'm going to set up the Amiga 500 with the xsurf500 soonish. Got all hardware
that I need now.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@xxxxxxxxxx
`. `' Freie Universitaet Berlin - glaubitz@xxxxxxxxxxxxxxxxxxx
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
