alois31
f047e4357b
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
#265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.
Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
684 B
| synopsis | cls | category | credits |
|---|---|---|---|
| Enforce syscall filtering and no-new-privileges on Linux | 1063 | Breaking Changes | alois31 |
To improve the consistency of the build environment, system call filtering and no-new-privileges are now unconditionally enabled on Linux. The `filter-syscalls` and `allow-new-privileges` options, which could previously be used to disable these features under some circumstances, have been removed.

To support building on architectures without libseccomp support, the option to disable syscall filtering at build time remains. Other uses of this build-time option are heavily discouraged, since disabling the filter substantially reduces the security of the sandbox.
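How the two primitives this note enforces behave, and how a process running inside the sandbox can confirm they are in effect, as an added example written for this page: it is not Lix's sandbox code and does not reproduce Lix's actual filter. The choice of `mkdirat` as the denied syscall and the `/tmp/seccomp-demo-dir` path are illustrative assumptions. The program sets `no_new_privs` (which is also what allows an unprivileged process to install a seccomp filter at all), installs a minimal seccomp-bpf program that returns `EPERM` for that one syscall and kills the process if it sees an unexpected syscall ABI, and then reads the `Seccomp` and `NoNewPrivs` fields from `/proc/self/status`, the same check a build script can run to verify the sandbox from the inside.

```c
/* Added example, not Lix's own sandbox code. The denied syscall (mkdirat) and
 * the probe path are illustrative choices, not the set Lix actually filters. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Read one integer field ("Seccomp", "NoNewPrivs", ...) from /proc/self/status.
 * Returns the value, or -1 if the field is absent or the file is unreadable.
 * Seccomp is 0 (off), 1 (strict) or 2 (filter); NoNewPrivs is 0 or 1. */
int proc_status_field(const char *name)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    int value = -1;
    size_t n = strlen(name);
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, name, n) == 0 && line[n] == ':') {
            value = atoi(line + n + 1);
            break;
        }
    }
    fclose(f);
    return value;
}

/* Set no_new_privs: from now on execve() can never grant privileges this process
 * does not already have (setuid/setgid bits and file capabilities are ignored).
 * It is irreversible, inherited by children, and a prerequisite for installing a
 * seccomp filter without CAP_SYS_ADMIN. Returns 1 when the flag is set. */
int enable_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -errno;
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Install a seccomp-bpf filter that makes mkdirat fail with EPERM and lets every
 * other syscall through. Returns 0 on success, -errno on failure. */
int install_deny_mkdirat_filter(void)
{
    struct sock_filter filter[] = {
        /* Refuse a foreign syscall ABI (e.g. 32-bit syscalls on x86_64); the
         * syscall numbers compared below are only meaningful for one ABI. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number; deny mkdirat with EPERM, allow the rest. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof filter / sizeof filter[0],
        .filter = filter,
    };
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -errno;
    return 0;
}

/* Issue mkdirat directly via syscall(2) so the probe does not depend on which
 * syscall the libc mkdir() wrapper picks. Returns 0 if the directory was
 * created (and removes it again), otherwise the errno produced. */
int probe_mkdirat(const char *path)
{
    if (syscall(SYS_mkdirat, AT_FDCWD, path, 0700) == 0) {
        rmdir(path);
        return 0;
    }
    return errno;
}

int main(void)
{
    printf("before: Seccomp=%d NoNewPrivs=%d\n",
           proc_status_field("Seccomp"), proc_status_field("NoNewPrivs"));
    if (enable_no_new_privs() != 1 || install_deny_mkdirat_filter() != 0) {
        perror("sandboxing failed");
        return 1;
    }
    int err = probe_mkdirat("/tmp/seccomp-demo-dir");
    printf("after:  Seccomp=%d NoNewPrivs=%d mkdirat -> %s\n",
           proc_status_field("Seccomp"), proc_status_field("NoNewPrivs"),
           err ? strerror(err) : "succeeded (filter not active!)");
    return 0;
}
```

Build with `cc -o seccomp_demo seccomp_demo.c`; no libseccomp is needed because the BPF program is written by hand. Lix uses libseccomp to generate programs of this shape, which is why the build-time option to drop the filter exists for architectures libseccomp does not support. Both the filter and the no_new_privs flag survive `fork()` and `execve()`, so everything a builder spawns inherits them, and the arch check at the top of the program is what keeps an `int 0x80`-style ABI switch from bypassing the syscall-number comparison.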