1. 10
  1.  

  2. 3

    While I am happy that there is such functionality in the Linux kernel, this feels like a slightly over-engineered and complex solution to the problem of restricting access to certain system calls.

    1. 3

      I agree – seccomp really seems to suffer from second system effect. I think the biggest problem is that it makes the logical next step in sandboxing system calls unnecessarily hard. I glossed over it in the article, but inspecting any non-integer system call arguments requires a supervising process to inspect the sandboxed process with ptrace.

    2. 1

      Is there a lot of stuff using this?

      1. 2

        There are a few things. The most popular user is probably Chrome.

      2. 1

        Pledge vs this…. I think I’d have to say pledge. It might be less featured, but it’s a helluva lot easier to get right, which counts for sooo much more.

        Great intro though!