Re: [gentoo-dev] [RFC] Make seccomp USE flag global

2015-02-28 Thread Andrew Savchenko
On Fri, 27 Feb 2015 17:48:22 -0800 Matt Turner wrote:
[...]
>>> I propose to add global seccomp USE flag as follows:
>>>
>>> seccomp - Enable seccomp for system call filtering
>>>
>>> and remove local descriptions for affected packages.
>>>
>>> Comments?
>>
>> Ping.
>>
>> If there are no objections, I'll commit the following changes in a
>> week:
>
> Seems pretty uncontroversial. FWIW I think you've waited a sufficient
> amount of time.

Ok, and so it is done.

Best regards,
Andrew Savchenko




Re: [gentoo-dev] [RFC] Make seccomp USE flag global

2015-02-27 Thread Matt Turner
On Fri, Feb 27, 2015 at 5:46 PM, Andrew Savchenko birc...@gentoo.org wrote:
> On Sat, 21 Feb 2015 02:44:54 +0300 Andrew Savchenko wrote:
>> Hello,
>>
>> at this moment 8 packages use seccomp flag:
>>
>> app-admin/clsync
>> app-emulation/qemu
>> app-emulation/lxc
>> net-dns/bind
>> net-misc/tlsdate
>> net-misc/tor
>> net-misc/lldpd
>> sys-apps/systemd
>>
>> for the very same reason: enable seccomp filtering to improve
>> security. Some of them use seccomp directly via system calls, while
>> others rely on sys-libs/libseccomp, but this should have no
>> difference for users.
>>
>> I propose to add global seccomp USE flag as follows:
>>
>> seccomp - Enable seccomp for system call filtering
>>
>> and remove local descriptions for affected packages.
>>
>> Comments?
>
> Ping.
>
> If there are no objections, I'll commit the following changes in a
> week:

Seems pretty uncontroversial. FWIW I think you've waited a sufficient
amount of time.

> 1) Add global seccomp flag with description above.
> 2) Remove local seccomp descriptions from metadata of the packages
> listed above.
>
> Best regards,
> Andrew Savchenko



Re: [gentoo-dev] [RFC] Make seccomp USE flag global

2015-02-27 Thread Andrew Savchenko
On Sat, 21 Feb 2015 02:44:54 +0300 Andrew Savchenko wrote:
> Hello,
>
> at this moment 8 packages use seccomp flag:
>
> app-admin/clsync
> app-emulation/qemu
> app-emulation/lxc
> net-dns/bind
> net-misc/tlsdate
> net-misc/tor
> net-misc/lldpd
> sys-apps/systemd
>
> for the very same reason: enable seccomp filtering to improve
> security. Some of them use seccomp directly via system calls, while
> others rely on sys-libs/libseccomp, but this should have no
> difference for users.
>
> I propose to add global seccomp USE flag as follows:
>
> seccomp - Enable seccomp for system call filtering
>
> and remove local descriptions for affected packages.
>
> Comments?

Ping.

If there are no objections, I'll commit the following changes in a
week:
1) Add global seccomp flag with description above.
2) Remove local seccomp descriptions from metadata of the packages
listed above.

Best regards,
Andrew Savchenko

