droproot, seccomp

2020-02-24 Thread Hal Murray via devel
I'm looking at strace output. There are a few calls used only once or twice. It seems obvious that we should drop root as early as possible. But it's not obvious that we should enable seccomp early. If we turn on seccomp early, then we have to allow all the syscalls used during initialization

Re: seccomp tangle

2020-02-24 Thread Hal Murray via devel
e...@thyrsus.com said: [dropping seccomp]
> We're a security-focused product. I don't think it would be good optics to
> drop a layer of defense just because it's a pain to maintain.
Have you considered the lost opportunity cost? This current approach of tossing everything in gives is braggin

Re: seccomp mess, continued, status update

2020-02-24 Thread Hal Murray via devel
hmur...@megapathdsl.net said:
> I'm working on a hack fix.
Fix pushed. CI is happy. The bug is missing code in a header file. I just put that code inside ntp_sandbox. Seems obvious in hindsight. The hard part was figuring out when to do it. Then I had to debug seccomp on Alpine. I'd be