On Tue, Jan 19, 2016, at 11:08 AM, Andrew Lutomirski wrote: > > On Jan 19, 2016 7:41 AM, "Colin Walters" <[email protected]> wrote: > > > > > > > > On Tue, Jan 19, 2016, at 04:16 AM, Nikos Mavrogiannopoulos wrote: > > > > > The issue is that blacklists are terrible from a security > > standpoint. > > > That means that every new obscure system call added to the > > kernel will > > > be available by default in your program. > > > > https://github.com/seccomp/libseccomp/issues/11
> One of these days I need to tidy up Sandstorm's seccomp policy and > factor it into its own library. It's made a good showing for itself > over the last year or so, and it's highly compatible. Yes, https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3
-- devel mailing list [email protected] http://lists.fedoraproject.org/admin/lists/[email protected]
