tame(2) is so much easier to wrap my head around, it's unobtrusive.. and from the examples, makes it easy to discover better design idioms.
@canadianbryan I like the concept but I think it's insufficiently rigorous for full sandboxing, just suitable as hardening/mitigation.
@RichFelker It will be used alongside privsep and chroot(2) on OpenBSD, and systrace(4) still has uses. But tame(0) seems rigorous to me.
@canadianbryan Certainly with a 0 argument it's rigorous, but likely useless. I was thinking in comparison to chrome seccomp sandbox.
@RichFelker I don't know, but with seccomp you can be too rigorous, or too permissive.. but always be maintaining those fragile lists.
@canadianbryan Agree completely. Chrome's filters are subtly broken with @musllibc still. A better solution is needed.