On Tue, Feb 25, 2020, at 1:37 PM Eric S. Raymond <e...@thyrsus.com> wrote:
>
> James Browning via devel <devel@ntpsec.org>:
> > Is there anything preventing the possibility of an early looser
> > seccomp setup and then tightening it later possibly with a knob
> > to generate terse or verbose warnings instead of dying.
>
> That is a very interesting idea that I think deserves further
> examination.
>
> Do you have an implementation strategy in mind?

Not really, I thought any adding of knobs would wind up on your list and get dropped.

As for the seccomp filter, it would probably involve taking the seccomp code out of ntpd/ntp_sandbox:sandbox and into a function that could be called once (or twice) with an argument for how early it is being called. If it is being called earlier, start the loop at 0 and otherwise at 3+.

I should probably code a toy version and see if the idea works. Maybe the hypothetical knob could be called seccompwarn.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
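
The staging described in the message above, sketched as an added example that is not part of the original post and is not NTPsec's code: one builder is called with an "early" flag that decides where the loop over the allowlist starts, and a "warn" flag that logs violations instead of killing. The syscall table, the function names and the use of raw seccomp-BPF via prctl (rather than a library) are assumptions, and Linux 4.14+ headers are assumed for `SECCOMP_RET_LOG`.

```c
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed, hypothetical allowlist: the first STARTUP_ONLY entries are init-only. */
static const int allowed[] = {
    SYS_socket, SYS_bind, SYS_setsockopt,                 /* startup only */
    SYS_read, SYS_write, SYS_recvmsg, SYS_sendto, SYS_clock_gettime, SYS_exit_group,
};
#define N_ALLOWED (sizeof allowed / sizeof allowed[0])
#define STARTUP_ONLY 3

/* early != 0: loop from 0 (looser). early == 0: skip the startup-only entries.
 * A production filter would also check seccomp_data.arch before the syscall number. */
size_t build_filter(struct sock_filter *p, int early, int warn)
{
    size_t n = 0;
    p[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                          offsetof(struct seccomp_data, nr));
    for (size_t i = early ? 0 : STARTUP_ONLY; i < N_ALLOWED; i++) {
        p[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allowed[i], 0, 1);
        p[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    p[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                 warn ? SECCOMP_RET_LOG : SECCOMP_RET_KILL_PROCESS);
    return n;
}

/* Dry run: walk the built program for syscall nr and return the filter's verdict. */
unsigned verdict(int early, int warn, int nr)
{
    struct sock_filter p[2 * N_ALLOWED + 2];
    size_t n = build_filter(p, early, warn), pc = 1;   /* pc 0 is the load of nr */
    while (pc < n && BPF_CLASS(p[pc].code) == BPF_JMP)
        pc += 1 + ((unsigned)nr == p[pc].k ? p[pc].jt : p[pc].jf);
    return p[pc].k;
}

/* Install one stage in the calling process; returns 0 on success, -1 on error. */
int install_stage(int early, int warn)
{
    struct sock_filter p[2 * N_ALLOWED + 2];
    struct sock_fprog prog = { .len = (unsigned short)build_filter(p, early, warn),
                               .filter = p };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Installed filters stack and the kernel applies the most restrictive verdict across all of them, so calling `install_stage(1, warn)` before initialization and `install_stage(0, warn)` afterwards leaves only the tighter set in effect.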