emacs-devel

Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of


From: Eli Zaretskii
Subject: Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073)
Date: Wed, 26 Jan 2022 05:22:51 +0200

> From: Philipp Stephani <p.stephani2@gmail.com>
> Date: Tue, 25 Jan 2022 21:09:24 +0100
> Cc: Lars Ingebrigtsen <larsi@gnus.org>,
>  Po Lu <luangruo@yahoo.com>,
>  Philipp Stephani <phst@google.com>,
>  emacs-devel@gnu.org
> 
> > It is very worrisome that a change in glibc can break Emacs like that.
> > I wonder what it means for the maintainability of Emacs in the long
> > run.  I have a bad feeling about this.
> 
> Just to clarify this, nothing here has really broken Emacs.  Emacs itself 
> doesn't depend on libseccomp or the specific seccomp filter at all.  It's 
> just that newer versions of glibc will occasionally add new syscalls which 
> will then need to get added to seccomp filters for sandboxing to continue 
> working; the sandbox can only be secure if it fails closed (i.e. exits the 
> process when encountering an unknown syscall).

That is exactly my problem with these situations: sandboxed Emacs
stops working too frequently for that to be a reliable option.
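
The fail-closed allowlist behaviour discussed in this thread, as an added example that is not part of either message and is not Emacs's own filter: a minimal seccomp-BPF allowlist with a small offline evaluator (it never installs the filter). The allowed set, the x86-64 syscall numbers and `NR_NEWER` (a made-up stand-in for a syscall a newer libc starts issuing) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* x86-64 numbers for the allowed calls; NR_NEWER is a constructed stand-in. */
enum { NR_READ = 0, NR_WRITE = 1, NR_EXIT_GROUP = 231, NR_NEWER = 9999 };

#define ALLOW(nr) \
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Allowlist: anything not listed falls through to the final kill action. */
static const struct sock_filter filter[] = {
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
  ALLOW(NR_READ), ALLOW(NR_WRITE), ALLOW(NR_EXIT_GROUP),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
};

/* Offline evaluator for the three instruction kinds used above.
   Returns the SECCOMP_RET_* action the filter would produce. */
static uint32_t evaluate(const struct seccomp_data *d)
{
  uint32_t acc = 0;
  for (size_t pc = 0; pc < sizeof filter / sizeof filter[0]; pc++) {
    const struct sock_filter *i = &filter[pc];
    switch (i->code) {
    case BPF_LD | BPF_W | BPF_ABS:   /* load a 32-bit field of seccomp_data */
      memcpy(&acc, (const char *) d + i->k, sizeof acc); break;
    case BPF_JMP | BPF_JEQ | BPF_K:  /* offsets are relative to the next insn */
      pc += (acc == i->k) ? i->jt : i->jf; break;
    case BPF_RET | BPF_K:
      return i->k;
    }
  }
  return SECCOMP_RET_KILL_PROCESS;
}

static uint32_t action_for(int nr)
{
  struct seccomp_data d = { .nr = nr, .arch = AUDIT_ARCH_X86_64 };
  return evaluate(&d);
}

int main(void)
{
  printf("write=%#x newer=%#x\n", action_for(NR_WRITE), action_for(NR_NEWER));
  return 0;
}
```

Adding `ALLOW(NR_NEWER)` to the list is the kind of update the quoted message describes; until then the unlisted call ends the process.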


