> On 22 Jun 2023, at 02:21, Peter Firmstone <peter.firmst...@zeus.net.au> wrote:
>
> This discussion on OpenSearch is worth a read.
> https://github.com/opensearch-project/OpenSearch/issues/1687

The cross-platform API (SystemCallFilter) is something that looks like it would make for an interesting separate library. I am well aware that there are things that SM could do that OS-level protection couldn’t, but the delta is small (although it isn’t small in the other direction). That thread essentially says, “why not have both?” That’s irrational from the perspective of prioritising investment. Even from the security perspective alone there are better gains elsewhere.

— Ron