* Kevin Kofler via devel: > Florian Weimer wrote: >> This is currently not a major consideration for system call design. We >> can't add this downstream from the kernel if support just isn't there. >> You have to solve these issues for porting to other architectures >> anyway. > > So the upstream Linux kernel does not care about security? Sad!
I don't think that's a correct characterization of the situation. Unfortunately, seccomp filters also block system calls that are necessary to avoid bugs (see faccessat2). And developers that usually subscribe to the Move Fast, Break Things motto need many months to fix broken seccomp filters. Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
