On Fri, Dec 01, 2017 at 12:05:20PM +0100, Andrew Shadura wrote:
> How about https://notabug.org/rain1/linux-seccomp-pledge/?
Promising enough idea, but it looks like the author gave up on it and
never finished the job. This sort of thing is only really helpful if
it's maintained by somebody who's
On Thu, Nov 30, 2017 at 07:18:43PM -0800, Seth Arnold wrote:
> On Fri, Dec 01, 2017 at 01:29:44AM +, Colin Watson wrote:
> > but should be much easier to maintain, and would probably also make it
> > easier to switch to a syscall-set-confining library if such a thing
> > exists in the future.
>
On Fri, Dec 01, 2017 at 01:29:44AM +, Colin Watson wrote:
> but should be much easier to maintain, and would probably also make it
> easier to switch to a syscall-set-confining library if such a thing
> exists in the future.
Would a version of OpenBSD's pledge() system call have looked appeali
On Fri, Dec 01, 2017 at 12:35:06AM +, Colin Watson wrote:
> (Hmm, though maybe a reasonable stopgap would be to copy the relevant
> syscall lists from systemd's code. That would leave me updating things
> manually from time to time, which isn't great, but it would probably
> still be better th
On Wed, Nov 29, 2017 at 05:36:30PM -0800, Russ Allbery wrote:
> Vincas Dargis writes:
> > Since mentioned, I would like that these daemons would implement seccomp
> > filtering themselves, meaning like within application itself, using
> > libseccomp. They can fine-grain what thread what syscalls c
Vincas Dargis writes:
> Since mentioned, I would like that these daemons would implement seccomp
> filtering themselves, meaning like within application itself, using
> libseccomp. They can fine-grain what thread what syscalls can make.
Yes, this is potentially even better. But there are cases