[RFC] Syntax Proposal for Seccomp Filters in Upstart

Steve Langasek steve.langasek at ubuntu.com
Tue Dec 18 17:58:19 UTC 2012


On Tue, Dec 18, 2012 at 05:29:27PM +0100, David Gaarenstroom wrote:
> > Combined with the fact that, as mentioned, errno numeric values are not
> > portable across architectures, I think it's better to just prohibit them
> > outright rather than allow users to write jobs that will behave in
> > unexpected manners.

> I wouldn't advise using numeric values either, I'd only allow them as
> fall-back. James' concern seems to be that syscall numbers might be
> missing, and that might be just as much the case for errno numbers...
> If someone likes to use a numeric value he *must* have a very good
> reason for doing so and he should realize that that's
> risky/non-portable/hackish.

This simply is not an enforceable requirement.  If you make the facility
available, someone *will* use it for the wrong reasons, and create
gratuitously unportable jobs (which *misbehave* rather than fail when copied
between systems).

The way to make sure that people aren't using numeric errno or syscall
values without a good reason is to disallow it entirely in the first
implementation, and wait for someone to come to us with their problems. 
Then when we have *real* use cases rather than just theoretical ones, we can
try to solve them in a way that minimizes the risk of foot-shooting.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
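As an added illustration of the restriction argued for above (example code, not from this thread or from Upstart itself), a small validator for a hypothetical `seccomp <syscall> errno <NAME>` stanza: symbolic errno names are resolved against the running host's own numbering, while numeric literals for either field are refused outright instead of being carried unchanged to another architecture.

```python
import errno
import re

# Hypothetical rule syntax assumed for this example (not Upstart's grammar):
#   seccomp <syscall-name> errno <ERRNO-NAME>
RULE_RE = re.compile(r"^seccomp\s+(\S+)\s+errno\s+(\S+)$")

# Reverse map: symbolic errno name -> numeric value on *this* host.
# errno.errorcode is the stdlib's number -> name table for the build platform.
ERRNO_BY_NAME = {name: num for num, name in errno.errorcode.items()}


def resolve_errno(token):
    """Accept only symbolic errno names and return the host's value for them.

    Numeric literals are rejected: the same number can mean a different
    error on another architecture, so a job using one would misbehave
    rather than fail when copied between systems.
    """
    if token.isdigit():
        raise ValueError(
            f"numeric errno {token!r} not allowed; use a symbolic name")
    try:
        return ERRNO_BY_NAME[token]
    except KeyError:
        raise ValueError(f"unknown errno name {token!r}") from None


def parse_rule(line):
    """Parse one rule line into (syscall_name, errno_value)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed seccomp rule: {line!r}")
    syscall, err = m.groups()
    # Syscall numbers differ per architecture as well; require a name.
    if syscall.isdigit():
        raise ValueError(
            f"numeric syscall {syscall!r} not allowed; use a syscall name")
    return syscall, resolve_errno(err)


def rule_is_accepted(line):
    """True if the rule parses under the symbolic-only policy."""
    try:
        parse_rule(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample rules: one portable, two that the policy rejects.
    for rule in ("seccomp ptrace errno EPERM",
                 "seccomp ptrace errno 1",
                 "seccomp 101 errno EPERM"):
        print(f"{rule!r}: {'ok' if rule_is_accepted(rule) else 'rejected'}")
```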