Re: Enabling Secure Computing (SECCOMP)
On 09/19/2007 04:30 PM, Roland McGrath wrote: >> The reasons against it in the past were that it slowed down >> the common case (people who aren't using the feature) > > It doesn't look like it should. > With the latest patches in 2.6.23 it looks like the overhead is just about zero, so I enabled it on the principle that we basically enable everything we possibly can... And I wish more people would look at using it for untrusted code, e.g. a JPEG decoder could run in the "jail" and it couldn't cause any harm even if someone managed to exploit it. ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
Re: Enabling Secure Computing (SECCOMP)
> The reasons against it in the past were that it slowed down > the common case (people who aren't using the feature) It doesn't look like it should. ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
Re: Enabling Secure Computing (SECCOMP)
On Wed, Sep 19, 2007 at 03:48:57PM -0400, Jarod Wilson wrote: > Chuck Ebbert wrote: > > We have a bug report requesting that we enable SECCOMP: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=295841 > > > > I suggest we enable it in Fedora 8 but leave it disabled in F7. > > That way we're not changing a config item in a stable release, > > and we don't have to carry patches to lower the feature's > > overhead and make its API match 2.6.23's. > > Saw that one too. Turning it on just in F8 sounds sane to me. The reasons against it in the past were that it slowed down the common case (people who aren't using the feature) I don't know if this is still a relevant objection, Ingo? Dave -- http://www.codemonkey.org.uk ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
Re: Enabling Secure Computing (SECCOMP)
Chuck Ebbert wrote: > We have a bug report requesting that we enable SECCOMP: > > https://bugzilla.redhat.com/show_bug.cgi?id=295841 > > I suggest we enable it in Fedora 8 but leave it disabled in F7. > That way we're not changing a config item in a stable release, > and we don't have to carry patches to lower the feature's > overhead and make its API match 2.6.23's. Saw that one too. Turning it on just in F8 sounds sane to me. -- Jarod Wilson [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
Enabling Secure Computing (SECCOMP)
We have a bug report requesting that we enable SECCOMP: https://bugzilla.redhat.com/show_bug.cgi?id=295841 I suggest we enable it in Fedora 8 but leave it disabled in F7. That way we're not changing a config item in a stable release, and we don't have to carry patches to lower the feature's overhead and make its API match 2.6.23's. ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list