Archives
Archives
| From: | Andrew Savchenko <bircoph@g.o> |
|---|---|
| To: | gentoo-dev@l.g.o |
| Subject: | [gentoo-dev] [RFC] Make "seccomp" USE flag global |
| Date: | Fri, 20 Feb 2015 23:45:57 |
| Message-Id: | 20150221024454.02eabdba19bd72fcf1d9cd3b@gentoo.org |
| 1 | Hello, |
| 2 | |
| 3 | at this moment 8 packages uses "seccomp" flag: |
| 4 | |
| 5 | app-admin/clsync |
| 6 | app-emulation/qemu |
| 7 | app-emulation/lxc |
| 8 | net-dns/bind |
| 9 | net-misc/tlsdate |
| 10 | net-misc/tor |
| 11 | net-misc/lldpd |
| 12 | sys-apps/systemd |
| 13 | |
| 14 | for the very same reason: enable seccomp filtering to improve |
| 15 | security. Some of them use seccomp directly via system calls, while |
| 16 | other rely on sys-libs/libseccomp, but this should have no |
| 17 | difference for users. |
| 18 | |
| 19 | I propose to add global "seccomp" USE flag as follows: |
| 20 | |
| 21 | seccomp - Enable seccomp for system call filtering |
| 22 | |
| 23 | and remove local descriptions for affected packages. |
| 24 | |
| 25 | Comments? |
| 26 | |
| 27 | Best regards, |
| 28 | Andrew Savchenko |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] [RFC] Make "seccomp" USE flag global | Andrew Savchenko <bircoph@g.o> |