* Markus Gutschke (顧孟勤) <markus@xxxxxxxxxx> wrote:

> On Sat, Feb 28, 2009 at 10:23, Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> > And I guess the seccomp interaction means that this is
> > potentially a 2.6.29 thing. Not that I know whether anybody
> > actually _uses_ seccomp. It does seem to be enabled in at least
> > Fedora kernels, but it might not be used anywhere.
>
> In the Linux version of Google Chrome, we are currently working on
> code that will use seccomp for parts of our sandboxing solution.

That's a pretty interesting usage. What would be the fallback mode you
are using if the kernel doesn't have seccomp built in? Completely
non-sandboxed? Or a ptrace/PTRACE_SYSCALL based sandbox?

Ingo