On Friday, November 22, 2013 04:48:41 PM Stefan Hajnoczi wrote: > On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote: > > On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote: > > > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote: > > > > I'm always open to suggestions on how to improve the > > > > development/debugging > > > > process, so if you have any ideas please let me know. > > > > > > The failure mode is terrible: > > Glad to see you don't feel strongly about things. > > Sorry for the rant :). I know you and Eduardo understand the issues and > have already been working on them.
I can't speak for Eduardo, but no worries on my end; it just wouldn't be an Open Source project without a bit of hyperbole now and then would it? ;) > I hope hearing it from a developer who isn't following seccomp is useful > though. Definitely. I should have said it earlier, but I do appreciate you taking the time to comment. > It shows which issues stick out and hinder usability. Users will only be > happy with seccomp when it works silently behind the scenes. Exactly. Users don't tolerate bugs and I don't blame them. After all, at some point we are all users too. > Developers will only be happy with seccomp if it's easy and rewarding to > support/debug. Agreed. As a developer, how do you feel about the audit/syslog based approach I mentioned earlier? -- paul moore security and virtualization @ redhat