Re: [patch] let CONFIG_SECCOMP default to n
From: Andi Kleen
Date: Wed Jul 12 2006 - 11:42:30 EST
Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:
>
> I really don't care about cpushare and patents for some users of the
> code in question. On the other hand turning on performance harming code
> for a tiny number of users is dumb. If it were a loadable module it
> would be different.
Actually there are some promising applications of seccomp outside
cpushare.
e.g. Andrea at some point proposed to run codecs which often
have security issues in a simple cpusec jail. That's ok for
them because they normally don't need to do any system calls.
I liked the idea. While this can be done with LSM (e.g. apparmor) too
seccomp is definitely much easier and simpler and more "obviously safe"
than anything LSM based.
If the TSC disabling code is taken out the runtime overhead
of seccomp is also very small because it's only tested in slow
paths.
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/