On Mon, 04 May 2015 02:38:58 -0600, Theo de Raadt wrote:

> Those policies will be wide open, or too strict. If we adopt this
> into our world, the next step after that is going to be wide use of
> #ifdef within bpf rulesets.

I don't see how that follows. Security policies are going to be highly OS-specific due to differences in system calls. I suppose you could make a simple policy work on different OSes using #ifdef but I think this would be too cumbersome for more complex filters.

You can't prevent people from doing stupid things but I don't think that is a good reason to reject seccomp() out of hand.

 - todd
