Bug 12366 - CONFIG_SECCOMP is disabled on armv5tel and aarch64
Summary: CONFIG_SECCOMP is disabled on armv5tel and aarch64
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified All
: Will only affect a few users Security
Assignee: Peter Müller
QA Contact:
URL:
Keywords:
Depends on:
Blocks: KERNSEC 12370
Reported: 2020-04-14 15:23 UTC by Peter Müller
Modified: 2022-10-20 13:24 UTC
Description Peter Müller 2020-04-14 15:23:17 UTC
Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
> 
> This kernel feature is useful for number crunching applications that may need
> to compute untrusted bytecode during their execution. By using pipes or other
> transports made available to the process as file descriptors supporting the
> read/write syscalls it's possible to isolate those applications in their own
> address space using seccomp. Once seccomp is enabled via prctl(PR_SET_SECCOMP)
> it cannot be disabled and the task is only allowed to execute a few safe
> syscalls defined by each seccomp mode.
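
The isolation pattern the quoted glossary entry describes, as an added example that is not part of the original bug report or the IPFire patch: a worker process connected only by pipes enters strict mode via prctl(PR_SET_SECCOMP), and the parent observes both the result and the kill on a disallowed syscall. The names `seccomp_state`, `worker`, `strict_mode_demo` and the exit code 42 are hypothetical; on a kernel built without CONFIG_SECCOMP both prctl calls fail with EINVAL.

```c
#define _GNU_SOURCE                      /* for syscall() */
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* -1 (EINVAL): no CONFIG_SECCOMP; else caller's mode, 0 = off, 2 = filter. */
int seccomp_state(void) { return prctl(PR_GET_SECCOMP, 0, 0, 0, 0); }
/* Worker: enter strict mode, sum bytes from in_fd, report on out_fd, then
 * attempt a syscall outside read/write/exit/sigreturn. Never returns. */
static void worker(int in_fd, int out_fd)
{
    unsigned char buf[64];
    unsigned int sum = 0; ssize_t n;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
        _exit(42);                       /* strict mode not available */
    while ((n = read(in_fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++) sum += buf[i];
    if (write(out_fd, &sum, sizeof sum) < 0) syscall(SYS_exit, 1);
    syscall(SYS_getpid);                 /* not allowed: kernel sends SIGKILL */
    syscall(SYS_exit, 0);                /* unreachable while strict mode is on */
}
/* 1: sum received, worker killed on the forbidden syscall;
 * 0: strict mode could not be enabled; -1: anything else. */
int strict_mode_demo(void)
{
    static const unsigned char input[] = { 1, 2, 3, 4 };  /* constructed sample */
    int to_w[2], from_w[2], status;
    unsigned int sum = 0;
    if (pipe(to_w) != 0 || pipe(from_w) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* close unused ends before lockdown */
        close(to_w[1]); close(from_w[0]);
        worker(to_w[0], from_w[1]);
    }
    close(from_w[1]);
    if (write(to_w[1], input, sizeof input) != (ssize_t)sizeof input) return -1;
    close(to_w[0]); close(to_w[1]);      /* EOF ends the worker's read loop */
    ssize_t got = read(from_w[0], &sum, sizeof sum); close(from_w[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42) return 0;
    return (got == (ssize_t)sizeof sum && sum == 10 && WIFSIGNALED(status)
            && WTERMSIG(status) == SIGKILL) ? 1 : -1;
}

int main(void) { printf("%d %d\n", seccomp_state(), strict_mode_demo()); return 0; }
```

A result of 0 from `strict_mode_demo` is also expected inside containers that already run under a seccomp filter, because a task in filter mode cannot switch to strict mode.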
Comment 1 Peter Müller 2020-06-07 16:58:43 UTC
https://patchwork.ipfire.org/patch/3163/
Comment 3 Peter Müller 2020-06-20 09:27:52 UTC
This was reverted meanwhile.