I've been experimenting with some code to allow custom scccomp lists.
The idea is to replace the --enable-seccomp configure option with --enable-seccomp=foo and ntp_sandbox would include syscomp/foo.c which would be a list of syscalls used by this system. I assume we would maintain a list for each OS/distro/version/hardware combination that we are interested in. I have a few scripts that turn strace output into a list. ... Is this interesting? If not, I'll drop it. If yes, I'll need some help to work out the details. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel