On Thu, Nov 30, 2017 at 07:18:43PM -0800, Seth Arnold wrote:
> On Fri, Dec 01, 2017 at 01:29:44AM +0000, Colin Watson wrote:
> > but should be much easier to maintain, and would probably also make it
> > easier to switch to a syscall-set-confining library if such a thing
> > exists in the future.
>
> Would a version of OpenBSD's pledge() system call have looked appealing to
> you, if it were implemented as a library interface around seccomp? There's
> already roughly two dozen categories, though not all may translate well to
> seccomp's abilities.
>
> https://man.openbsd.org/pledge.2
Something like that, yes; maybe something like "stdio rpath flock proc exec" in man-db's case, although I'm sure that would need some tweaking. It's nice to be able to say "these sets, plus this handful of additional syscalls", which pledge can't do. Also, I'm very glad that seccomp persists across execve(2); I much prefer this to the pledge model.

-- 
Colin Watson [cjwat...@debian.org]
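The combination Colin describes above, a pledge-style promise string plus a handful of extra syscalls compiled into one seccomp filter that stays in force across execve(2), as an added example in C (not code from this thread or from man-db). The promise table is hypothetical and far too small for a real program, and THIS_ARCH assumes an x86_64 or aarch64 build.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#ifdef __x86_64__
#define THIS_ARCH AUDIT_ARCH_X86_64
#else
#define THIS_ARCH AUDIT_ARCH_AARCH64 /* assumption: only x86_64 and aarch64 are covered here */
#endif
#define MAX_NR 64 /* allow-list bound; keeps every BPF jump offset within 8 bits */
static const struct { const char *cat; int nr; } table[] = { /* hypothetical promise contents, needs tuning */
    {"stdio", SYS_read}, {"stdio", SYS_write}, {"stdio", SYS_close}, {"stdio", SYS_fstat},
    {"stdio", SYS_exit_group}, {"rpath", SYS_openat}, {"rpath", SYS_fstat}, {"rpath", SYS_fcntl},
    {"flock", SYS_flock}, {"proc", SYS_clone}, {"proc", SYS_wait4}, {"exec", SYS_execve},
};
static size_t add_nr(int *out, size_t n, int nr) { /* append unless already present (dedup) */
    for (size_t i = 0; i < n; i++) if (out[i] == nr) return n;
    out[n] = nr; return n + 1;
}
/* "stdio rpath flock proc exec" + extras -> deduplicated list in out[MAX_NR]; 0 on unknown name or overflow. */
size_t build_allowlist(const char *pledge_str, const int *extra, size_t nextra, int *out) {
    char buf[128] = {0}; size_t n = 0; strncpy(buf, pledge_str, sizeof buf - 1);
    if (nextra > MAX_NR - sizeof table / sizeof *table) return 0; /* out[] would overflow */
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) { int found = 0;
        for (size_t i = 0; i < sizeof table / sizeof *table; i++)
            if (!strcmp(table[i].cat, tok)) { found = 1; n = add_nr(out, n, table[i].nr); }
        if (!found) return 0; /* a typo in a promise name must not silently pass */ }
    for (size_t i = 0; i < nextra; i++) n = add_nr(out, n, extra[i]);
    return n;
}
/* Compile to seccomp-bpf: kill on wrong arch, allow exactly the listed numbers, kill the rest; returns n + 6. */
#define INSN(...) (struct sock_filter)__VA_ARGS__
size_t build_bpf(const int *nrs, size_t n, struct sock_filter *prog) { size_t k = 0;
    prog[k++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    prog[k++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0));
    prog[k++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    prog[k++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t i = 0; i < n; i++) /* a match jumps over the KILL below to ALLOW */
        prog[k++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)nrs[i], (unsigned char)(n - i), 0));
    prog[k++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    prog[k++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    return k;
}
/* Install with no_new_privs; unlike pledge, the filter stays in force across execve(2). */
int install_filter(struct sock_filter *prog, size_t len) {
    struct sock_fprog fp = { .len = (unsigned short)len, .filter = prog };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ? -1 : prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}
```

With this toy table a dynamically linked program will be killed during loader startup, which is exactly the "some tweaking" the reply anticipates: the table has to be grown per program by observing which syscalls get killed.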