On Wed, 15 Jul 2009 09:57:33 -0600 Bob Beck <b...@obtuse.com> wrote:

> Now it's not to say that *theoretically* systrace can't be a help.
> I'm certain it could if you knew 100% what you were doing and knew the
> inside and outs of the code. But really that's a job for the
> developers, not the sysadmin running it. If the developer is going to
> do it, well, at that point your best bet is simply to privsep the code
> properly - that has been shown to actually work, and doesn't require
> insanity on the part of the system admin to pull wild guesses out of
> his ass about what system calls this should use and why and when and
> what the impact of allowing something is.
>

Systrace is a development/test tool that has been miscast. In a corporate/collective environment this would be a useful testbed tool to validate programmer claims. This would NOT be part of the delivered product but maintained in a lab as part of an automated sw test cycle.

Do I detect here a problem involved in GPL-thinking? It does tend to require that end users be delivered of reams of Makefiles and other coder desiderata... why not test tools too?

... and while we're at it ...

Dhu