* [gentoo-dev] [RFC] Make "seccomp" USE flag global
From: Andrew Savchenko @ 2015-02-20 23:44 UTC
To: gentoo-dev
Hello,

at this moment 8 packages use "seccomp" flag:

app-admin/clsync
app-emulation/qemu
app-emulation/lxc
net-dns/bind
net-misc/tlsdate
net-misc/tor
net-misc/lldpd
sys-apps/systemd

for the very same reason: enable seccomp filtering to improve
security. Some of them use seccomp directly via system calls, while
others rely on sys-libs/libseccomp, but this should make no
difference for users.

I propose to add global "seccomp" USE flag as follows:

seccomp - Enable seccomp for system call filtering

and remove local descriptions for affected packages.

Comments?

Best regards,
Andrew Savchenko
* Re: [gentoo-dev] [RFC] Make "seccomp" USE flag global
From: Andrew Savchenko @ 2015-02-28 1:46 UTC
To: gentoo-dev
On Sat, 21 Feb 2015 02:44:54 +0300 Andrew Savchenko wrote:
> Hello,
>
> at this moment 8 packages use "seccomp" flag:
>
> app-admin/clsync
> app-emulation/qemu
> app-emulation/lxc
> net-dns/bind
> net-misc/tlsdate
> net-misc/tor
> net-misc/lldpd
> sys-apps/systemd
>
> for the very same reason: enable seccomp filtering to improve
> security. Some of them use seccomp directly via system calls, while
> others rely on sys-libs/libseccomp, but this should make no
> difference for users.
>
> I propose to add global "seccomp" USE flag as follows:
>
> seccomp - Enable seccomp for system call filtering
>
> and remove local descriptions for affected packages.
>
> Comments?
Ping.
If there are no objections, I'll commit the following changes in a
week:
1) Add global seccomp flag with description above.
2) Remove local seccomp descriptions from metadata of the packages
listed above.
Best regards,
Andrew Savchenko
* Re: [gentoo-dev] [RFC] Make "seccomp" USE flag global
From: Matt Turner @ 2015-02-28 1:48 UTC
To: gentoo-dev
On Fri, Feb 27, 2015 at 5:46 PM, Andrew Savchenko <bircoph@gentoo.org> wrote:
> On Sat, 21 Feb 2015 02:44:54 +0300 Andrew Savchenko wrote:
>> Hello,
>>
>> at this moment 8 packages use "seccomp" flag:
>>
>> app-admin/clsync
>> app-emulation/qemu
>> app-emulation/lxc
>> net-dns/bind
>> net-misc/tlsdate
>> net-misc/tor
>> net-misc/lldpd
>> sys-apps/systemd
>>
>> for the very same reason: enable seccomp filtering to improve
>> security. Some of them use seccomp directly via system calls, while
>> others rely on sys-libs/libseccomp, but this should make no
>> difference for users.
>>
>> I propose to add global "seccomp" USE flag as follows:
>>
>> seccomp - Enable seccomp for system call filtering
>>
>> and remove local descriptions for affected packages.
>>
>> Comments?
>
> Ping.
>
> If there are no objections, I'll commit the following changes in a
> week:
Seems pretty uncontroversial. FWIW I think you've waited a sufficient
amount of time.
> 1) Add global seccomp flag with description above.
> 2) Remove local seccomp descriptions from metadata of the packages
> listed above.
>
> Best regards,
> Andrew Savchenko
* Re: [gentoo-dev] [RFC] Make "seccomp" USE flag global
From: Andrew Savchenko @ 2015-02-28 22:14 UTC
To: gentoo-dev
On Fri, 27 Feb 2015 17:48:22 -0800 Matt Turner wrote:
[...]
> >> I propose to add global "seccomp" USE flag as follows:
> >>
> >> seccomp - Enable seccomp for system call filtering
> >>
> >> and remove local descriptions for affected packages.
> >>
> >> Comments?
> >
> > Ping.
> >
> > If there are no objections, I'll commit the following changes in a
> > week:
>
> Seems pretty uncontroversial. FWIW I think you've waited a sufficient
> amount of time.
Ok, and so it is done.
Best regards,
Andrew Savchenko