8 Nov
2022
8 Nov
'22
1:41 p.m.
Glad to see this one is doing the rounds again, one day we're going to have a bug in curl and this will help a lot. If you want any review from kernel side, please feel free to let me know. One thing that immediately strikes me is that it would be better to list the allowed syscalls rather than the denied ones. We're adding new syscalls all the time, after all, and that would make the list somewhat kernel version agnostic. It can always be turned off with a command line option in pacman, after all. Thanks, Chris