Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [rfc] enable USE=seccomp in default/linux/ profiles
Date: Thu, 19 Feb 2015 19:14:45
Message-Id: 20150219191437.GS544@vapier
pro: improved security in daemons (often network)
con: some packages might pull in libseccomp (~250KB)

there shouldn't be measurable runtime overhead here as the filtering is done by
a JIT in the kernel itself. if the kernel lacks support for seccomp, daemons
generally should fall back at runtime. if they don't, people should file bugs to
get them fixed.
-mike
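
The runtime fallback the message describes, as an added example that is not part of the original post and not taken from any Gentoo package: a daemon tries to install a seccomp filter with prctl(2) and carries on unsandboxed when the kernel reports that seccomp filtering is not available. The names `sandbox_enable` and `demo_filter` and the one-syscall policy are constructed for illustration, and the code uses the raw kernel interface rather than libseccomp.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed policy for illustration: fail ptrace(2) with EPERM, allow the
 * rest. A real daemon would also check seccomp_data.arch and use an allowlist. */
static struct sock_filter demo_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ptrace, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Returns 1 if the filter is active, 0 if the kernel has no seccomp filter
 * support (the caller keeps running unsandboxed), -1 on any other error. */
int sandbox_enable(void)
{
    struct sock_fprog prog = {
        .len = sizeof(demo_filter) / sizeof(demo_filter[0]),
        .filter = demo_filter,
    };

    /* Lets an unprivileged process install a filter; EINVAL on old kernels. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return errno == EINVAL ? 0 : -1;

    /* EINVAL here: kernel built without CONFIG_SECCOMP(_FILTER). */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return errno == EINVAL ? 0 : -1;
    return 1;
}

int main(void)
{
    int r = sandbox_enable();
    if (r < 0) { perror("seccomp"); return 1; }   /* unexpected: do not hide it */
    fprintf(stderr, r ? "seccomp filter active\n"
                      : "kernel lacks seccomp filter support, continuing\n");
    /* ... the daemon's main loop would start here ... */
    return 0;
}
```

Only the "not supported" errno is treated as a fallback; any other failure is reported, so a broken sandbox setup is not silently ignored.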
