> On Nov 18, 2018, at 2:17 PM, Jiri Kosina <ji...@kernel.org> wrote: > > It's probably not just browsers, but anything running JITed sandboxed > code. So the most straightforward way might be the prctl() aproach, where > userspace would claim "I do care about this, please fix it up for me". So > prctl() + perhaps SECCOMP.
Yeah, the prctl() shifts the pain to the right place: folks explicitly opting in. Always-on seemed way too draconian to me.
