qemu-devel

Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by defau


From: Paul Moore
Subject: Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default
Date: Fri, 22 Nov 2013 11:00:24 -0500
User-agent: KMail/4.11.3 (Linux/3.12.0-gentoo; KDE/4.11.3; x86_64; ; )

On Friday, November 22, 2013 04:48:41 PM Stefan Hajnoczi wrote:
> On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> > On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > > I'm always open to suggestions on how to improve the
> > > > development/debugging process, so if you have any ideas please let
> > > > me know.
> > > 
> > > The failure mode is terrible:
> > Glad to see you don't feel strongly about things.
> 
> Sorry for the rant :).  I know you and Eduardo understand the issues and
> have already been working on them.

I can't speak for Eduardo, but no worries on my end; it just wouldn't be an 
Open Source project without a bit of hyperbole now and then, would it? ;)

> I hope hearing it from a developer who isn't following seccomp is useful
> though.

Definitely.  I should have said it earlier, but I do appreciate you taking the 
time to comment.

> It shows which issues stick out and hinder usability.  Users will only be
> happy with seccomp when it works silently behind the scenes.

Exactly.  Users don't tolerate bugs and I don't blame them.  After all, at 
some point we are all users too.

> Developers will only be happy with seccomp if it's easy and rewarding to
> support/debug.

Agreed.

As a developer, how do you feel about the audit/syslog based approach I 
mentioned earlier?

-- 
paul moore
security and virtualization @ redhat



