Hal Murray via devel <devel@ntpsec.org>:
>
> I've been experimenting with some code to allow custom seccomp lists.
>
> The idea is to replace the --enable-seccomp configure option with
>   --enable-seccomp=foo
> and ntp_sandbox would include syscomp/foo.c which would be a list of syscalls
> used by this system.
>
> I assume we would maintain a list for each OS/distro/version/hardware
> combination that we are interested in. I have a few scripts that turn strace
> output into a list.
> ...
>
> Is this interesting? If not, I'll drop it.
>
> If yes, I'll need some help to work out the details.

Aaarrgghhh. It's a huge pain in the ass and I wish it weren't interesting.
But given our mission statement, it has to be.
-- 
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
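
Added example, not part of the original thread and not Hal Murray's scripts: one way a script could turn strace output into a per-system syscall list, in Python. The sample trace is constructed, the function names are hypothetical, and emitting the list as libseccomp SCMP_SYS() entries is an assumption about what a per-platform list file would contain.

```python
import re

# Constructed strace sample (strace -f style); not captured from a real ntpd run.
SAMPLE_STRACE = """\
1234  clock_gettime(CLOCK_REALTIME, {tv_sec=1700000000, tv_nsec=0}) = 0
1234  recvmsg(5, {msg_name=..., msg_namelen=16}, 0) = 48
1234  adjtimex({modes=0, offset=0}) = 0 (TIME_OK)
1235  select(6, [4 5], NULL, NULL, NULL <unfinished ...>
1234  sendto(5, "...", 48, 0, NULL, 0) = 48
1235  <... select resumed>) = 1 (in [5])
1234  --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
1234  rt_sigreturn({mask=[]}) = 0
1234  clock_gettime(CLOCK_MONOTONIC, {tv_sec=5, tv_nsec=0}) = 0
1234  +++ exited with 0 +++
"""

# Optional pid prefix ("1234 " or "[pid 1234] "), optional timestamp, then the
# syscall name directly followed by "(". Signal, exit and "resumed" lines do not match.
CALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:[\d:.]+\s+)?([a-z_][a-z0-9_]*)\(")


def syscalls_from_strace(text):
    """Return the sorted, de-duplicated syscall names seen in strace output."""
    names = set()
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            names.add(m.group(1))
    return sorted(names)


def render_c_list(names):
    """Render names as SCMP_SYS() entries (assumed layout of a list file)."""
    return "".join(f"\tSCMP_SYS({n}),\n" for n in names)


def missing_from(baseline, observed):
    """Syscalls observed on this system that an existing baseline list lacks."""
    return sorted(set(observed) - set(baseline))


if __name__ == "__main__":
    observed = syscalls_from_strace(SAMPLE_STRACE)
    print(render_c_list(observed), end="")
    print("not in baseline:", missing_from(["adjtimex", "clock_gettime"], observed))
```

A trace only covers the code paths exercised during the run, so rarely taken paths (error handling, signal delivery) need to be traced as well or added to the list by hand.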