On Fri, Feb 27, 2015 at 5:46 PM, Andrew Savchenko <birc...@gentoo.org> wrote: > On Sat, 21 Feb 2015 02:44:54 +0300 Andrew Savchenko wrote: >> Hello, >> >> at this moment 8 packages uses "seccomp" flag: >> >> app-admin/clsync >> app-emulation/qemu >> app-emulation/lxc >> net-dns/bind >> net-misc/tlsdate >> net-misc/tor >> net-misc/lldpd >> sys-apps/systemd >> >> for the very same reason: enable seccomp filtering to improve >> security. Some of them use seccomp directly via system calls, while >> other rely on sys-libs/libseccomp, but this should have no >> difference for users. >> >> I propose to add global "seccomp" USE flag as follows: >> >> seccomp - Enable seccomp for system call filtering >> >> and remove local descriptions for affected packages. >> >> Comments? > > Ping. > > If there are no objections, I'll commit the following changes in a > week:
Seems pretty uncontroversial. FWIW I think you've waited a sufficient amount of time. > 1) Add global seccomp flag with description above. > 2) Remove local seccomp descriptions from metadata of the packages > listed above. > > Best regards, > Andrew Savchenko
