On Tue, Nov 08, 2022 at 01:53:43PM +0000, Chris Down wrote:
> Morten Linderud writes:
> > On Tue, Nov 08, 2022 at 01:41:46PM +0000, Chris Down wrote:
> > > Glad to see this one is doing the rounds again, one day we're going to have
> > > a bug in curl and this will help a lot.
> > >
> > > If you want any review from kernel side, please feel free to let me know.
> > >
> > > One thing that immediately strikes me is that it would be better to list the
> > > allowed syscalls rather than the denied ones. We're adding new syscalls all
> > > the time, after all, and that would make the list somewhat kernel version
> > > agnostic. It can always be turned off with a command line option in pacman,
> > > after all.
> >
> > I think you are looking at the wrong version. The first iteration has the
> > syscall filtering, but this was dropped in v2 of the series :)
>
> I'm looking at the version linked by Allan :-) Is that not the version being
> worked on?

Allan sent a link to the thread itself with the discussion. The patch itself is
this, I believe:
https://lists.archlinux.org/archives/list/pacman-dev@lists.archlinux.org/message/UNSL3ADJUIR66HU2C3GOAZOGH5KE3VUP/

--
Morten Linderud
PGP: 9C02FF419FECBE16