On 3/21/20 11:18 PM, Michael Schmitz wrote: > Am 21.03.2020 um 11:59 schrieb John Paul Adrian Glaubitz: >> On 3/20/20 11:49 PM, Finn Thain wrote: >>> I suspect (without evidence) that many m68k systems are actually virtual >>> machines. And the need for container hosting on m68k seems negligible. >> >> It isn't about security. It's about being able to build more packages >> as some packages have started to make libseccomp support mandatory. > > Is there a good technical reason for this decision? I suppose most of these > packages are not about VM or container hosting?
I don't know but I don't think I have a good case arguing against that as multiple upstream projects are using it. > What about checking at runtime for availability of the library, and disabling > VM related functionality if it wasn't possible to load? > > In the event that kernel support can't be avoided: I suppose there a git > commit for Helge's hppa changes that would help gauge the effort required for > implementing such support? It doesn't seem to be much that's necessary: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c90f06943e05519a87140dc407cf589c220aeedf > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=910cd32e552ea09caa89cdbe328e468979b030dd Other architectures are similarly minimal: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8855d608c145c1ca0e26f4da00741080bb49d80d > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d218af78492a36a4ae607c08fedfb59258440314 So, I think it's feasible to add minimal seccomp support for m68k. PS: I'm going to set up the Amiga 500 with the xsurf500 soonish. Got all hardware that I need now. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - [email protected] `. `' Freie Universitaet Berlin - [email protected] `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
