[OpenWrt-Devel] adding seccomp and service jailing to procd

Etienne Champetier champetier.etienne at gmail.com
Fri Mar 27 13:32:03 EDT 2015


Hi again,

2015-03-27 15:37 GMT+01:00 John Crispin <blogic at openwrt.org>:

>
>
> On 27/03/2015 13:45, Etienne Champetier wrote:
> > Hi,
> >
> >
> > 2015-03-27 10:42 GMT+01:00 John Crispin <blogic at openwrt.org
> > <mailto:blogic at openwrt.org>>:
> >
> >     OpenWrt service hardening and jailing
> >     =====================================
> >
> >
> > <...>
> >
> >
> >     If there are features that we are not aware of yet or that we forgot
> to
> >     list, then please let us know about them.
> >
> >     Comments and ideas are welcome ...
> >     _______________________________________________
> >
> >
> >
> > Thanks for this impressive piece of work!!! (awesome features and
> > documentation)
> >
> > As you are working on Openwrt hardenning, what need to be done before
> > activating option like
> > STACKPROTECTOR, FORTIFY_SOURCE, RELRO_PARTIAL by default?
> > (i'm already using them in all my builds, but i think everybody should
> > use these options)
>
> i have added them to my list, will look at that in the next days
>

Cool, quick note, RELRO_FULL can really hurt performance for non daemon
stuff, like luci


>
> >
> > Also i would love to hear the pro and cons of extending ubus vs
> > switching to kdbus
> > (i'm not trying to start a debate, and i really have no idea of the work
> > involved, just curious)
>
> we need to discuss this internally. i have already started thinking
> about it.bu have no opinion yet
>
>         John
> _______________________________________________
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150327/fcbe28f7/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list