Bug 12366

Summary:	CONFIG_SECCOMP is disabled on armv5tel and aarch64
Product:	IPFire	Reporter:	Peter Müller <peter.mueller>
Component:	---	Assignee:	Peter Müller <peter.mueller>
Status:	CLOSED FIXED	QA Contact:
Severity:	Security
Priority:	Will only affect a few users	CC:	peter.mueller
Version:	2
Hardware:	unspecified
OS:	All
Bug Depends on:
Bug Blocks:	12361, 12370

Description Peter Müller 2020-04-14 15:23:17 UTC

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
> 
> This kernel feature is useful for number crunching applications that may need
> to compute untrusted bytecode during their execution. By using pipes or other
> transports made available to the process as file descriptors supporting the
> read/write syscalls it's possible to isolate those applications in their own
> address space using seccomp. Once seccomp is enabled via prctl(PR_SET_SECCOMP)
> it cannot be disabled and the task is only allowed to execute a few safe
> syscalls defined by each seccomp mode.

Comment 1 Peter Müller 2020-06-07 16:58:43 UTC

https://patchwork.ipfire.org/patch/3163/

Comment 2 Peter Müller 2020-06-09 17:08:25 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=7617da3bba48d40284c2fd93d0265a0bce64aed0

Comment 3 Peter Müller 2020-06-20 09:27:52 UTC

This was reverted meanwhile.

Comment 4 Peter MÃ¼ller 2022-10-04 15:24:55 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=16eb2d5379757076c23b4cdd14a8af595fd9d1bc

Comment 5 Peter MÃ¼ller 2022-10-06 08:30:39 UTC

https://blog.ipfire.org/post/ipfire-2-27-core-update-171-is-available-for-testing

Comment 6 Peter MÃ¼ller 2022-10-20 13:24:08 UTC

https://blog.ipfire.org/post/ipfire-2-27-core-update-171-released-security-advisory