From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Joe Conway <mail(at)joeconway(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
Subject: | Re: RFC: seccomp-bpf support |
Date: | 2019-08-28 18:10:45 |
Message-ID: | 20190828181045.b5lxugrynxqzz2jc@alap3.anarazel.de |
Lists: | pgsql-hackers |
Hi,
On 2019-08-28 13:28:06 -0400, Joe Conway wrote:
> > To compute the initial set of allowed system calls, you need to have
> > fantastic test coverage. What you don't want is some rarely used error
> > recovery path to cause a system crash. I wouldn't trust our current
> > coverage for this.
> So if you are worried about that make your default action 'log' and
> watch audit.log. There will be no errors or crashes of postgres caused
> by that because there will be no change in postgres visible behavior.
But the benefit of integrating this into postgres becomes even less
clear.
> And if returning an error from a syscall causes a crash that would be a
> serious bug and we should fix it.
Err, there are a lot of syscall failures that'll cause PANICs, and where
there's no reasonable way around that.
Greetings,
Andres Freund
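The difference the thread is arguing about, the filter's *default* action for syscalls that are not on the allowlist (log-and-continue vs kill), as an added example that is not part of the original mail or of any PostgreSQL patch. It builds a minimal seccomp-bpf allowlist in classic BPF and evaluates it with a tiny interpreter for the three opcodes it uses, so the decisions can be checked without loading the filter into a kernel; the SECCOMP_RET_* and opcode constants are the Linux uapi values, the syscall numbers are x86-64, and a real filter would also check seccomp_data.arch before trusting nr.

```c
#include <stdint.h>
#include <stddef.h>

#define SECCOMP_RET_KILL_PROCESS 0x80000000U   /* kill the whole process */
#define SECCOMP_RET_LOG          0x7ffc0000U   /* audit-log it, then allow */
#define SECCOMP_RET_ALLOW        0x7fff0000U

/* classic BPF opcodes used below */
#define OP_LD_ABS  0x20  /* BPF_LD | BPF_W | BPF_ABS  : A = data[k] */
#define OP_JEQ_K   0x15  /* BPF_JMP | BPF_JEQ | BPF_K : if A == k jump jt else jf */
#define OP_RET_K   0x06  /* BPF_RET | BPF_K           : return k */

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* same layout as sock_filter */
#define MAX_INSNS 64

/* Build: A = seccomp_data.nr (offset 0); each allowed nr jumps to the final
 * ALLOW; anything else falls through to the default action. Returns length. */
size_t build_allowlist(struct insn *prog, const uint32_t *allowed, size_t n,
                       uint32_t default_action)
{
    size_t i = 0, j;
    prog[i++] = (struct insn){ OP_LD_ABS, 0, 0, 0 };
    for (j = 0; j < n; j++)   /* jump distance to the ALLOW at index n+2 */
        prog[i++] = (struct insn){ OP_JEQ_K, (uint8_t)(n - j), 0, allowed[j] };
    prog[i++] = (struct insn){ OP_RET_K, 0, 0, default_action };     /* no match */
    prog[i++] = (struct insn){ OP_RET_K, 0, 0, SECCOMP_RET_ALLOW };  /* match */
    return i;
}

/* Evaluate the filter for one syscall number; only offset 0 (nr) is modelled. */
uint32_t run_filter(const struct insn *prog, size_t len, uint32_t nr)
{
    uint32_t acc = 0;
    size_t pc = 0;
    while (pc < len) {
        const struct insn *in = &prog[pc++];
        switch (in->code) {
        case OP_LD_ABS: acc = (in->k == 0) ? nr : 0; break;
        case OP_JEQ_K:  pc += (acc == in->k) ? in->jt : in->jf; break;
        case OP_RET_K:  return in->k;
        default:        return SECCOMP_RET_KILL_PROCESS;  /* unknown op: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Same allowlist (read, write, exit on x86-64), selectable default action. */
uint32_t decide(uint32_t default_action, uint32_t nr)
{
    static const uint32_t allowed[] = { 0, 1, 60 };
    struct insn prog[MAX_INSNS];
    size_t len = build_allowlist(prog, allowed, 3, default_action);
    return run_filter(prog, len, nr);
}
```

With SECCOMP_RET_LOG as the default an unlisted syscall such as exit_group (231) is logged and still executes, which is the "no change in visible behavior" argument; with SECCOMP_RET_KILL_PROCESS the same call kills the backend.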