[OpenWrt-Devel] enabling seccomp by default in kernel

Etienne Champetier champetier.etienne at gmail.com
Sat Feb 14 08:54:33 EST 2015


Hi Nikos,

Le 14 févr. 2015 13:49, "Nikos Mavrogiannopoulos" <nmav at gnutls.org> a écrit
:
>
> Hello,
>  I've added libseccomp into packages. That library allows
> programs to easily restrict the system calls they are allowed to use.
> In turn that uses the kernel's seccomp filter. That's one of the most
> reliable ways to restrict/sandbox processes into specific tasks which
> cannot be overriden even in the event of code injection.
>
> I've also enabled the ocserv package to use seccomp if configured to,
> but in order for that protection to become meaningful for other
> programs to use as well, it would also need the default kernel option to
> enable seccomp filter.
>
> regards,
> Nikos
> _______________________________________________

Can you send size with/without seccomp option

Regards,
Etienne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150214/36b5fe49/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list