On 3/20/20 11:49 PM, Finn Thain wrote:
I suspect (without evidence) that many m68k systems are actually virtual
machines. And the need for container hosting on m68k seems negligible.
It isn't about security. It's about being able to build more packages
as some packages have started to make libseccomp support mandatory.
Therefore, there doesn't seem to be a lot of actual benefit from seccomp.
I disagree for the aforementioned reasons.
There are 17 architectures (out of 25) lacking seccomp support. This
suggests that the portability issue around this missing feature can't
easily be pinned on m68k.
The question is how many of these 17 architectures are actually supported
by Debian.
If you look at the build results for libseccomp in Debian, you can see that
alpha, ia64, m68k, sh and sparc64 are missing the feature, everyone else
supports it [1].
Adrian
[1] https://buildd.debian.org/status/package.php?p=libseccomp&suite=sid