Sounds like a reasonable feature to add. I think, for me, it qualifies
as "happy to accept a patch adding this feature," but not "I'll plan to
do it myself."
On 03/18/2015 11:27 AM, Benjamin Barenblat wrote:
On Wednesday, March 18, 2015, at 10:57 am EDT, Adam Chlipala wrote:
Most real Ur/Web deployments so far use the C FFI to make system calls
that "pure" Ur/Web apps never could, so it would be important to make
the [seccomp] policy configurable, which probably requires some
extensions to, e.g., the .urp project-file format […]. How would you
see the Ur/Web programmer experience changing to facilitate Seccomp
usage?
Ideally, it would be completely transparent modulo the settings you
mention. Programmers shouldn’t have to mess with it unless they want to
use the FFI. For backward compatibility, we could even disable it by
default.
We could add a directive to the project file to enable seccomp and to
specify allowed system calls – something like
seccomp_allow_only fstat,fork,mmap2
which would turn on seccomp and allow fstat, fork, and mmap2 (in
addition to the syscalls the various liburweb libraries need, of
course).
_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
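To make the proposal above concrete, here is an added example of what a `seccomp_allow_only` directive could compile down to: the directive's syscall names are parsed, merged with a fixed baseline that the runtime itself would need, and turned into a classic seccomp-BPF program that allows exactly that set and kills the process on anything else. This is illustrative code written for this thread, not Ur/Web or liburweb code; the directive keyword is taken from the mail, but `runtime_baseline`, `parse_allow_directive`, `effective_allowlist`, `build_filter` and `install_filter` are hypothetical names, and the baseline syscall list is an assumption. `mmap2` and `fork` only exist as syscalls on some architectures (mmap2 on 32-bit x86, for instance), so the table compiles them in only where the kernel headers define them and an unknown name is rejected rather than silently dropped.

```c
/* Added example (not Ur/Web/liburweb code): turning a hypothetical
 * "seccomp_allow_only a,b,c" .urp directive into a seccomp-BPF filter. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Name -> number table. Entries exist only where the headers define the
 * syscall (mmap2 and fork are absent on some architectures). */
static const struct { const char *name; int nr; } syscall_table[] = {
    { "read", __NR_read }, { "write", __NR_write }, { "brk", __NR_brk },
    { "exit_group", __NR_exit_group }, { "rt_sigreturn", __NR_rt_sigreturn },
#ifdef __NR_fstat
    { "fstat", __NR_fstat },
#endif
#ifdef __NR_fork
    { "fork", __NR_fork },
#endif
#ifdef __NR_mmap
    { "mmap", __NR_mmap },
#endif
#ifdef __NR_mmap2
    { "mmap2", __NR_mmap2 },
#endif
};

/* Assumed (hypothetical) baseline the runtime needs regardless of the directive. */
static const char *const runtime_baseline[] = { "read", "write", "brk", "exit_group", "rt_sigreturn" };

int syscall_number(const char *name)
{
    for (size_t i = 0; i < sizeof syscall_table / sizeof syscall_table[0]; i++)
        if (strcmp(syscall_table[i].name, name) == 0) return syscall_table[i].nr;
    return -1;                               /* unknown here: fail closed */
}

static int add_unique(int *set, int count, int max, int nr)
{
    for (int i = 0; i < count; i++) if (set[i] == nr) return count;
    if (count >= max) return -1;
    set[count] = nr;
    return count + 1;
}

/* Parse "seccomp_allow_only a,b,c". Returns the number of syscall numbers
 * written to out, or -1 if the line is another directive or names a
 * syscall this build does not know (never silently dropped). */
int parse_allow_directive(const char *line, int *out, int max)
{
    static const char kw[] = "seccomp_allow_only ";
    char buf[256];
    int n = 0;
    if (strncmp(line, kw, sizeof kw - 1) != 0) return -1;
    snprintf(buf, sizeof buf, "%s", line + sizeof kw - 1);
    for (char *tok = strtok(buf, ", \n"); tok; tok = strtok(NULL, ", \n")) {
        int nr = syscall_number(tok);
        if (nr < 0 || (n = add_unique(out, n, max, nr)) < 0) return -1;
    }
    return n;
}

/* Effective allowlist = runtime baseline + the directive's syscalls. */
int effective_allowlist(const int *directive, int n, int *out, int max)
{
    int count = 0;
    for (size_t i = 0; i < sizeof runtime_baseline / sizeof runtime_baseline[0]; i++) {
        int nr = syscall_number(runtime_baseline[i]);
        if (nr < 0 || (count = add_unique(out, count, max, nr)) < 0) return -1;
    }
    for (int i = 0; i < n; i++)
        if ((count = add_unique(out, count, max, directive[i])) < 0) return -1;
    return count;
}

/* Emit classic BPF: check the arch, allow the listed numbers, kill the rest.
 * Returns the instruction count (2*n + 5), or -1 if prog is too small. */
int build_filter(const int *allowed, int n, struct sock_filter *prog, int max_insns)
{
    int i = 0;
    if (2 * n + 5 > max_insns) return -1;
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int k = 0; k < n; k++) {
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed[k], 0, 1);
        prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    return i;
}

/* Install the filter; no_new_privs is required for an unprivileged process. */
int install_filter(struct sock_filter *prog, int n)
{
    struct sock_fprog fp = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

int main(int argc, char **argv)
{
    int nrs[16], eff[32];
    struct sock_filter prog[80];
    static const char msg[] = "filter installed; getpid() is not allowed, so the next call is fatal\n";
    /* Constructed directive for the demo (mmap2 from the mail is 32-bit-only). */
    int n = parse_allow_directive("seccomp_allow_only fstat,write", nrs, 16);
    if (n < 0) { fprintf(stderr, "bad or unsupported directive\n"); return 1; }
    int m = effective_allowlist(nrs, n, eff, 32);
    int insns = build_filter(eff, m, prog, 80);
    printf("%d allowed syscalls, %d BPF instructions\n", m, insns);
    if (argc > 1 && strcmp(argv[1], "--install") == 0) {
        if (install_filter(prog, insns) != 0) { perror("prctl"); return 1; }
        write(1, msg, sizeof msg - 1);       /* write is in the baseline */
        syscall(SYS_getpid);                 /* not listed: SIGSYS */
    }
    return 0;
}
```

Run it without arguments to see the filter size; run it with `--install` to watch the process get killed on the first syscall outside the list. The design point worth keeping from the thread is that the directive extends a baseline rather than replacing it, and that any name the build cannot resolve is a hard error, so a typo in the .urp file never widens the policy.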