dangerzone icon indicating copy to clipboard operation
dangerzone copied to clipboard
verified publisher icon freedomofpress

Always use our own seccomp policy as a default.

Open almet opened this issue 1 year ago • 1 comments

As per Etienne Perot's comment on #908:

Then it seems to me like it would be easy to simply apply this seccomp profile under all container runtimes (since there's no reason why the same image and the same command-line would call different syscalls under different container runtimes).

As mentioned in the comments there, we might want to tighten the default seccomp policy, to have more control on what we accept or not.

Fixes #908

almet avatar Sep 19 '24 13:09 almet

I took the liberty to make some rewordings in the PR, in a separate fixup commit. Also, I've commented on the original issue about our change of course on this subject (see https://github.com/freedomofpress/dangerzone/issues/846#issuecomment-2371113163). Other than that, feel free to squash and merge.

apyrgio avatar Sep 24 '24 13:09 apyrgio