|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Mon, Apr 9, 2012 at 11:58 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > With the seccomp patches finally stabilizing a bit, it seems like now is a > good time to announce libseccomp: a library designed to make it easier to > create complex, architecture independent seccomp filters. > > * http://sourceforge.net/projects/libseccomp/ > * git clone git://git.code.sf.net/p/libseccomp/libseccomp This looks really great; nice work! I see that the arch check happens during _gen_bpf_build_bpf(), which is excellent. Do you have any thoughts about including a call to prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) by default as well? -Kees -- Kees Cook ChromeOS Security -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
[Fedora Maintainers] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
