Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by defau
From: Paul Moore
Subject: Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default
Date: Fri, 22 Nov 2013 11:00:24 -0500
User-agent: KMail/4.11.3 (Linux/3.12.0-gentoo; KDE/4.11.3; x86_64; ; )

On Friday, November 22, 2013 04:48:41 PM Stefan Hajnoczi wrote:
> On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> > On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > > I'm always open to suggestions on how to improve the
> > > > development/debugging process, so if you have any ideas please let
> > > > me know.
> > >
> > > The failure mode is terrible:
> >
> > Glad to see you don't feel strongly about things.
>
> Sorry for the rant :). I know you and Eduardo understand the issues and
> have already been working on them.

I can't speak for Eduardo, but no worries on my end; it just wouldn't be an
Open Source project without a bit of hyperbole now and then, would it? ;)

> I hope hearing it from a developer who isn't following seccomp is useful
> though.

Definitely. I should have said it earlier, but I do appreciate you taking the
time to comment.

> It shows which issues stick out and hinder usability. Users will only be
> happy with seccomp when it works silently behind the scenes.

Exactly. Users don't tolerate bugs and I don't blame them. After all, at
some point we are all users too.

> Developers will only be happy with seccomp if it's easy and rewarding to
> support/debug.

Agreed.

As a developer, how do you feel about the audit/syslog based approach I
mentioned earlier?

--
paul moore
security and virtualization @ redhat