Bug 244909 - CONFIG_SECCOMP is not enabled by default
Summary: CONFIG_SECCOMP is not enabled by default
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 7
Hardware: i686
OS: Linux
low
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-19 19:55 UTC by Matthew McDevitt
Modified: 2015-01-04 22:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-20 23:29:00 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matthew McDevitt 2007-06-19 19:55:39 UTC 
Description of problem:
CONFIG_SECCOMP is disabled by default -- popular programs such as
www.cpushare.com require this to be enabled.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Dave Jones 2007-06-20 23:29:00 UTC 
The last time this came up, benchmarking showed that this introduces an
unacceptable performance hit for all users regardless of whether they use this
functionality.
Comment 2 CPUShare 2007-06-21 00:44:40 UTC 
FYI that's not the case for x86-64 and ppc64, futhermore I posted patches on 
l-k that makes it not true for x86 too (they're not rejecting and easy to
incorporate).

Or if you prefer you can drop the (mostly superflous) seccomp check in the
schedule path all together with a one liner on x86 too, that's still a lot 
better than dropping the seccomp functionality as a whole.
Note You need to log in before you can comment on or make changes to this bug.