e...@thyrsus.com said: [dropping seccomp] > We're a security-focused prodict. I don't think it would be good optics to > drop a layer of defense just because it's a pain to maintain.
Have you considered the lost opportunity cost? This current approach of tossing everything in gives is bragging rights for doing it, but not for doing it right. I'm going to play with strace a bit. > We don't have a good page on jails because I'm not experienced at setting > them up and mostly other people don't imotiate documenting things. Don't the arguments for supporting seccomp apply to jails? Is anybody on this list using jails/chroots? "Jail" may not be the right term and/or may have a more specific meaning. I think there is enough info out on the web that we should be able to figure out how to do it. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
