On Friday, June 15, 2012 07:06:10 PM Blue Swirl wrote:
> I think allowing execve() would render seccomp pretty much useless.

Not necessarily. I'll agree that it does seem a bit odd to allow execve(), but there is still value in enabling seccomp to disable potentially buggy/exploitable syscalls. Let's not forget that we have over 300 syscalls on x86_64, not including the 32 bit versions, and even if we add all of the new syscalls suggested in this thread we are still talking about a small subset of syscalls. As far as security goes, the old adage of "less is more" applies.

Protecting against the abuse and misuse of execve() is something that is better done with the host's access controls (traditional DAC, MAC via the LSM, etc.).

--
paul moore
security and virtualization @ redhat