Hi Nikos, Le 14 févr. 2015 13:49, "Nikos Mavrogiannopoulos" <[email protected]> a écrit : > > Hello, > I've added libseccomp into packages. That library allows > programs to easily restrict the system calls they are allowed to use. > In turn that uses the kernel's seccomp filter. That's one of the most > reliable ways to restrict/sandbox processes into specific tasks which > cannot be overriden even in the event of code injection. > > I've also enabled the ocserv package to use seccomp if configured to, > but in order for that protection to become meaningful for other > programs to use as well, it would also need the default kernel option to > enable seccomp filter. > > regards, > Nikos > _______________________________________________
Can you send size with/without seccomp option Regards, Etienne
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
