From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Michael Schmitz <schmitzmic@gmail.com>,
Finn Thain <fthain@telegraphics.com.au>
Cc: linux-m68k <linux-m68k@lists.linux-m68k.org>,
Debian m68k <debian-68k@lists.debian.org>,
Helge Deller <deller@gmx.de>
Subject: Re: Seccomp support for linux-m68k
Date: Sat, 21 Mar 2020 23:48:03 +0100 [thread overview]
Message-ID: <5f91b09f-30ff-c658-b2a5-2d4b4efb6372@physik.fu-berlin.de> (raw)
In-Reply-To: <c1e0c86d-fb71-f203-b66b-9645107a270f@gmail.com>
On 3/21/20 11:18 PM, Michael Schmitz wrote:
> Am 21.03.2020 um 11:59 schrieb John Paul Adrian Glaubitz:
>> On 3/20/20 11:49 PM, Finn Thain wrote:
>>> I suspect (without evidence) that many m68k systems are actually virtual
>>> machines. And the need for container hosting on m68k seems negligible.
>>
>> It isn't about security. It's about being able to build more packages
>> as some packages have started to make libseccomp support mandatory.
>
> Is there a good technical reason for this decision? I suppose most of these packages are not about VM or container hosting?
I don't know but I don't think I have a good case arguing against that
as multiple upstream projects are using it.
> What about checking at runtime for availability of the library, and disabling VM related functionality if it wasn't possible to load?
>
> In the event that kernel support can't be avoided: I suppose there a git commit for Helge's hppa changes that would help gauge the effort required for implementing such support?
It doesn't seem to be much that's necessary:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c90f06943e05519a87140dc407cf589c220aeedf
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=910cd32e552ea09caa89cdbe328e468979b030dd
Other architectures are similarly minimal:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8855d608c145c1ca0e26f4da00741080bb49d80d
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d218af78492a36a4ae607c08fedfb59258440314
So, I think it's feasible to add minimal seccomp support for m68k.
PS: I'm going to set up the Amiga 500 with the xsurf500 soonish. Got all hardware
that I need now.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
next prev parent reply other threads:[~2020-03-21 22:48 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-20 8:46 Seccomp support for linux-m68k John Paul Adrian Glaubitz
2020-03-20 22:49 ` Finn Thain
2020-03-20 22:59 ` John Paul Adrian Glaubitz
2020-03-20 23:08 ` Finn Thain
2020-03-21 22:18 ` Michael Schmitz
2020-03-21 22:48 ` John Paul Adrian Glaubitz [this message]
2020-03-21 23:01 ` John Paul Adrian Glaubitz
2020-07-21 15:13 ` John Paul Adrian Glaubitz
2020-07-25 9:29 ` Michael Schmitz
2020-07-25 11:55 ` Andreas Schwab
2020-07-26 1:23 ` Michael Schmitz
2020-07-26 11:03 ` Andreas Schwab
2020-07-26 21:02 ` Michael Schmitz
2020-07-26 21:08 ` Andreas Schwab
2020-07-26 21:39 ` Michael Schmitz
2020-07-27 6:35 ` Andreas Schwab
2020-07-25 18:54 ` John Paul Adrian Glaubitz
2020-07-26 1:34 ` Michael Schmitz
2020-07-26 7:13 ` Michael Schmitz
2020-07-26 11:05 ` Andreas Schwab
2020-07-26 20:46 ` Michael Schmitz
2020-07-26 21:10 ` Andreas Schwab
2020-07-26 22:40 ` Michael Schmitz
2020-07-25 22:48 ` John Paul Adrian Glaubitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5f91b09f-30ff-c658-b2a5-2d4b4efb6372@physik.fu-berlin.de \
--to=glaubitz@physik.fu-berlin.de \
--cc=debian-68k@lists.debian.org \
--cc=deller@gmx.de \
--cc=fthain@telegraphics.com.au \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=schmitzmic@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox