LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Expanding seccomp

Expanding seccomp

Posted May 13, 2011 0:06 UTC (Fri) by cras (guest, #7000)
In reply to: Expanding seccomp by dlang
Parent article: Expanding seccomp

I'm not too interested in the "tag" vs "path" debate. For my use case (IMAP server) I don't think it makes any real difference. Many people use virtual users, where all users' mails are stored using
the same UNIX UID. For extra security it is possible to chroot into a user's mail directory though. So I'd primarily want to avoid any potential ways to get around that chroot into other users' mails, by preventing syscalls that just aren't necessary.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds