<p dir="ltr">Hi Nikos,</p>
<p dir="ltr">Le 14 févr. 2015 13:49, "Nikos Mavrogiannopoulos" <<a href="mailto:nmav@gnutls.org">nmav@gnutls.org</a>> a écrit :<br>
><br>
> Hello,<br>
> I've added libseccomp into packages. That library allows<br>
> programs to easily restrict the system calls they are allowed to use.<br>
> In turn that uses the kernel's seccomp filter. That's one of the most<br>
> reliable ways to restrict/sandbox processes into specific tasks which<br>
> cannot be overriden even in the event of code injection.<br>
><br>
> I've also enabled the ocserv package to use seccomp if configured to,<br>
> but in order for that protection to become meaningful for other<br>
> programs to use as well, it would also need the default kernel option to<br>
> enable seccomp filter.<br>
><br>
> regards,<br>
> Nikos<br>
> _______________________________________________</p>
<p dir="ltr">Can you send size with/without seccomp option</p>
<p dir="ltr">Regards,<br>
Etienne<br>
</p>