Testing chrony seccomp support
Andrew Lutomirski
luto at mit.edu
Mon Oct 5 15:56:26 UTC 2015
On Mon, Oct 5, 2015 at 8:25 AM, Michael Catanzaro <mcatanzaro at gnome.org> wrote:
> On Mon, 2015-10-05 at 07:02 -0700, Andrew Lutomirski wrote:
>> Why is the filter causing SIGSYS instead of forcing an ENOSYS return?
>>
>> I'll look into the abrt thing. It might be an easy fix.
>>
>> --Andy
>
> Simply because it's an experimental project, and it's much easier to
> crash with a core dump so it can be debugged, than to have obscure
> failures all over the place.
For deployment, though, I think the other approach is better. If,
say, memfd_create returns ENOSYS, most libraries will fall back to
older mechanisms.
--Andy
More information about the devel
mailing list