Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
interfaces: add default seccomp template #611
Conversation
|
Why are we copying this in? Isn't there a statement in the seccomp syntax to simply inherit from it? |
|
I don't think seccomp has one. I'll check. My main motivation for having it baked-in is so that nothing form outside snappy is required to run with security (so we don't need to live in lockstep with ubuntu-core-security, we don't have to read it separately from a file, we don't have to invalidate it when it gets updated out-of-bound on the desktop, etc.). |
|
The seccomp policy is the same as what we have in ubuntu-core-security/data/seccomp/templates/ubuntu-core/16.04/default. LGTM. |
added a commit
that referenced
this pull request
Mar 8, 2016
zyga
merged commit 5db2fdc
into
snapcore:master
Mar 8, 2016
1 check failed
Integration tests
22 tests run, 0 skipped, 7 failed.
Details
zyga
deleted the
zyga:seccomp
branch
Mar 9, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
zyga commentedMar 8, 2016
This patch copies the default seccomp template that applies to all applications
in all snaps. Since we're keeping all the interface implementations in go it is
easier and arguably more correct to also hold the base policy in the same
place.
Subsequent patches will use this template and incorporate interface-specific
security snippets into it.
Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com