>> I am wondering if the seccomp system call [1] would be welcomed
>> in the OpenBSD tree. I remember it was among the subjects of last
>> year's Google Summer of Code. If there is still interest in having
>> it implemented, I am willing to work on it: I have a diff that
>> creates the system call and allows seccomp to be called with the
>> SECCOMP_SET_MODE_STRICT operation. It's a first step, the next (big)
>> one would be BPF(4) syscall filtering.
>
>Personally, I think seccomp-bpf could be a superior alternative to
>systrace and I'd love to see an implementation. Other developers (inc.
>Theo) are skeptical though, but this is probably a case where the
>argument won't be settled without a concrete implementation to look at.

I am very skeptical about a bpf-style model, because:

People are currently writing policies specific to what glibc does;
or what they believe it is doing.

Those policies will be wide open, or too strict.  If we adopt this
into our world, the next step after that is going to be wide use of
#ifdef within bpf rulesets.
