From: | Andrew Savchenko <bircoph@g.o> |
---|---|
To: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] [RFC] Make "seccomp" USE flag global |
Date: | Fri, 20 Feb 2015 23:45:57 |
Message-Id: | 20150221024454.02eabdba19bd72fcf1d9cd3b@gentoo.org |
1 | Hello, |
2 | |
3 | at this moment 8 packages uses "seccomp" flag: |
4 | |
5 | app-admin/clsync |
6 | app-emulation/qemu |
7 | app-emulation/lxc |
8 | net-dns/bind |
9 | net-misc/tlsdate |
10 | net-misc/tor |
11 | net-misc/lldpd |
12 | sys-apps/systemd |
13 | |
14 | for the very same reason: enable seccomp filtering to improve |
15 | security. Some of them use seccomp directly via system calls, while |
16 | other rely on sys-libs/libseccomp, but this should have no |
17 | difference for users. |
18 | |
19 | I propose to add global "seccomp" USE flag as follows: |
20 | |
21 | seccomp - Enable seccomp for system call filtering |
22 | |
23 | and remove local descriptions for affected packages. |
24 | |
25 | Comments? |
26 | |
27 | Best regards, |
28 | Andrew Savchenko |
Subject | Author |
---|---|
Re: [gentoo-dev] [RFC] Make "seccomp" USE flag global | Andrew Savchenko <bircoph@g.o> |