Talk:Seccomp

Patents comment is not NPOV
I feel that the phrase "burdened with patents that aim to restrict the freedoms of grid computing service providers" is not NPOV. Yes, CPUShare has patents, but Andrea says that "the CPUShare project has simply no choice but to try to play best by the current rules of the economy in the hope to succeed." This suggests to me that it is an issue of preventing larger companies from squashing CPUShare by simply creating a much larger service that can easily beat it.

While the ethics of patenting this may be dubious, we should present both sides of the issue, and not put words in Andrea's mouth about the reason for the patents.

-- ThinkingInBinary 13:09, 14 November 2006 (UTC)


 * I've removed the sentence in question. In an article about seccomp, it is not particularly relevant anyway, whether CPUShare is covered by patents or not. -- Rune Kock (talk) 23:48, 17 March 2009 (UTC)

No overhead any more
With the merging of this patch in the mainline kernel, seccomp becomes a totally zero-overhead feature despite the TSC disable.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf99abace7e07dd8491e7093a9a9ef11d48838ed

This further patch even reduces the fixed number of bytes that seccomp takes in the kernel .text:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d9d02feeee89e9132034d504c9a45eeaf618a3d

So the most recent part of the seccomp article is now incorrect and outdated. And I refrain from commenting on the CPUShare part because I have a clear conflict of interest, so I'll wait for the community to sort it out eventually.

Andrea —Preceding unsigned comment added by 88.149.242.247 (talk • contribs)

Completely redesigned
Indeed, the whole seccomp mechanism has been dusted off and redesigned since the information in the article. Ris icle (talk) 22:32, 31 May 2012 (UTC)

Merge into sandbox (computer security)
This article is a rather niche topic, and I believe it belongs with sandbox (computer security). My reasoning is this:


 * It's a rather technical subject, only a small component of an OS with little more interface than a set of system calls, with little opportunity to expand.
 * It is only one mechanism of sandboxing.
 * The sandbox (computer security) article is already not very long, and this could be used as an example.

--70.185.221.158 (talk) 13:46, 14 September 2015 (UTC)


 * Oppose: seccomp is notable enough on its own to deserve a separate article, and the fact that seccomp is a technical subject changes pretty much nothing regarding its suitability. We also have other sandbox-like mechanisms (AppArmor, for example) that are described in separate articles as purely technical subjects. — Dsimic (talk | contribs) 14:07, 14 September 2015 (UTC)
 * Oppose: Since currently there are various similar systems in development, I think it is important to really differentiate them. Sandboxes can have rather big differences in how they work, what their features are and of course which operating systems they support and which software has implemented them (see the list in the article). I would consider sandboxes a class of software and sandboxing a technique. I agree that if there are sandboxes that barely have users they should be grouped together, but there is a lot one can write about seccomp. For example the history is interesting, that one of the original uses was actually to allow distributed computing with untrusted code. Also it seems to develop, so one might want to add a history, similar to other software projects. For the history parts, etc. I disagree with your first point. I agree with it being only one mechanism, however I think a separate article would probably allow one to go deeper. On the size of the articles I would say that they are simply not written yet. Doing sandboxing the right way (especially on topics like complexity and flexibility) is still a rather new topic. Seccomp is one technology allowing that, but just like I wouldn't put all the software regarding operating system containers (which to some degree and in some areas is a competing technique) into one article, I also wouldn't put all the sandboxing technologies into one article. I think there is at least some room for extending both the sandbox and the seccomp article. The focus should maybe lie there, rather than merging the articles. Athaba (talk) 14:03, 10 January 2016 (UTC)

Sydbox section reads like an advert
The part of the article talking about Sydbox as a user of seccomp is too long, as the rest of the list is just a list of users and how they use seccomp, whereas that item has a whole paragraph and too many references for a simple list. — Preceding unsigned comment added by Mjaggard (talk • contribs) 09:56, 27 January 2022 (UTC)

Translated to Japanese
Hi! I appreciate your wonderful articles. And I translated this article and created a new Japanese edition: ja:Secure computing mode. Sorry, some of the translation is not completed and is in progress, especially the "Software using seccomp or seccomp-bpf" section. Best regards, Mr T.I.71 (talk) 10:05, 2 April 2023 (UTC)