Testing chrony seccomp support
mlichvar at redhat.com
Wed Oct 7 12:13:36 UTC 2015
On Wed, Oct 07, 2015 at 09:24:22AM +0200, Dan Horák wrote:
> On Mon, 5 Oct 2015 13:58:26 +0200
> Miroslav Lichvar <mlichvar at redhat.com> wrote:
> > In chrony 2.2-pre1 was added support for system call filtering with
> > the kernel seccomp facility. In chrony it's mainly useful to reduce
> > the damage from attackers who can execute arbitrary code, e.g. prevent
> > gaining the root privileges through a kernel vulnerability.
> please keep in mind that libseccomp currently supports only limited set
> of architectures -
> It will change (in Rawhide) after mainline kernel 4.3 release when s390
> and ppc will become supported as well.
The chrony spec should now follow that. Thanks.
More information about the devel