Enabling Secure Computing (SECCOMP)
Chuck Ebbert
cebbert at redhat.com
Thu Sep 20 18:41:26 UTC 2007
On 09/19/2007 04:30 PM, Roland McGrath wrote:
>> The reasons against it in the past were that it slowed down
>> the common case (people who aren't using the feature)
>
> It doesn't look like it should.
>
With the latest patches in 2.6.23 it looks like the overhead
is just about zero, so I enabled it on the principle that we
basically enable everything we possibly can...
And I wish more people would look at using it for untrusted
code, e.g. a JPEG decoder could run in the "jail" and it
couldn't cause any harm even if someone managed to exploit
it.
More information about the Fedora-kernel-list
mailing list