Talk:Seccomp

Patents comment is not NPOV

I feel that the phrase "burdened with patents that aim to restrict the freedoms of grid computing service providers" is not NPOV. Yes, CPUshare has patents, but Andrea says that "the CPUShare project has simply no choice but to try to play best by the current rules of the economy in the hope to succeed." This suggests to me that it is an issue of preventing larger companies from squashing CPUshare by simply creating a much larger service that can easily beat it.

While the ethics of patenting this may be dubious, we should present both sides of the issue, and not put words in Andrea's mouth about the reason for the patents.

-- ThinkingInBinary 13:09, 14 November 2006 (UTC)

I've removed the sentence in question. In an article about seccomp, it is not particularly relevant anyway, whether CPUShare is covered by patents or not. -- Rune Kock (talk) 23:48, 17 March 2009 (UTC)

No overhead any more

With the merging of this patch in the mainline kernel, seccomp became a totally zero-overhead feature despite the tsc disable.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf99abace7e07dd8491e7093a9a9ef11d48838ed

This further patch even reduces the fixed number of bytes that seccomp takes in the kernel .text:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d9d02feeee89e9132034d504c9a45eeaf618a3d

So the most recent part of the seccomp article is now incorrect and outdated. And I refrain from commenting on the CPUShare part because I have a clear conflict of interest, so I'll wait for the community to sort it out eventually.

Andrea — Preceding unsigned comment added by 88.149.242.247 (talk | contribs)

Completely redesigned

Indeed, the whole seccomp mechanism has been dusted off and redesigned since the information in the article. Ris icle (talk) 22:32, 31 May 2012 (UTC)

Merge into sandbox (computer security)

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
The result of this discussion was no consensus. — Dsimic (talk | contribs) 10:21, 6 February 2016 (UTC)

This article is a rather niche topic, and I believe it belongs with sandbox (computer security). My reasoning is this:

  • It's a rather technical subject, only a small component of an OS with little more interface than a set of system calls, with little opportunity to expand.
  • It is only one mechanism of sandboxing.
  • The sandbox (computer security) article is already not very long, and this could be used as an example.

--70.185.221.158 (talk) 13:46, 14 September 2015 (UTC)

  • Oppose: seccomp is notable enough on its own to deserve a separate article, and the fact that seccomp is a technical subject changes pretty much nothing regarding its suitability. We also have other sandbox-like mechanisms (AppArmor, for example) that are described in separate articles as purely technical subjects. — Dsimic (talk | contribs) 14:07, 14 September 2015 (UTC)
  • Oppose: Since currently there are various similar systems in development, I think it is important to really differentiate them. Sandboxes can have rather big differences in how they work, what their features are and of course which operating systems they support and which software has implemented them (see the list in the article). I would consider sandboxes a class of software and sandboxing a technique. I agree that if there are sandboxes that barely have users they should be grouped together, but there is a lot one can write about seccomp. For example the history is interesting, that one of the original uses was actually to allow distributed computing with untrusted code. Also it seems to develop, so one might want to add a history, similar to other software projects. For the history parts, etc. I disagree with your first point. I agree with it being only one mechanism, however I think a separate article would probably allow one to go deeper. On the size of the articles I would say that they are simply not written yet. Doing sandboxing the right way (especially on topics like complexity and flexibility) is still a rather new topic. Seccomp is one technology allowing that, but just like I wouldn't put all the software regarding operating system containers (which to some degree and in some areas is a competing technique) into one article I also wouldn't put all the sandboxing technologies into one article. I think there is at least some room for extending both the sandbox and the seccomp article. The focus should maybe lie there, rather than merging the articles. Athaba (talk) 14:03, 10 January 2016 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Sydbox section reads like an advert

The part of the article talking about Sydbox as a user of seccomp is too long, as the rest of the list is just a list of users and how they use seccomp, whereas that item has a whole paragraph and too many references for a simple list. — Preceding unsigned comment added by Mjaggard (talk | contribs) 09:56, 27 January 2022 (UTC)

Translated to Japanese

Hi! I appreciate your wonderful articles. I translated this article and created a new Japanese edition: ja:Secure computing mode. Sorry, some of the translation is not completed and is still in progress, especially the "Software using seccomp or seccomp-bpf" section. Best regards, Mr T.I.71 (talk) 10:05, 2 April 2023 (UTC)