From: | Mike Frysinger <vapier@g.o> |
---|---|
To: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] [rfc] enable USE=seccomp in default/linux/ profiles |
Date: | Thu, 19 Feb 2015 19:14:45 |
Message-Id: | 20150219191437.GS544@vapier |
1 | pro: improved security in daemons (often network) |
2 | con: some packages might pull in libseccomp (~250KB) |
3 | |
4 | there shouldn't be measurable runtime overhead here as the filtering is done by |
5 | a JIT in the kernel itself. if the kernel lacks support for seccomp, daemons |
6 | generally should fallback at runtime. if they don't, people should file bugs to |
7 | get them fixed. |
8 | -mike |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] [rfc] enable USE=seccomp in default/linux/ profiles | Patrick McLean <chutzpah@g.o> |
Re: [gentoo-dev] [rfc] enable USE=seccomp in default/linux/ profiles | Markos Chandras <hwoarang@g.o> |
[gentoo-dev] [PATCH] profiles: linux: enable USE=seccomp by default | Mike Frysinger <vapier@g.o> |