By anarazel
For postgresql it seems hard to do so in a generic fashion. There’s a great emphasis on being able to extend postgres and that extension code will do stuff we don’t allow. Only superusers are allowed to configure/load such extensions for obvious reasons.
There are so-called ‘trusted’ languages, which means they execute code in a sandboxed manner. But they’re mostly executed in the same process context as the normal backend, so it’ll be hard to effectively use seccomp afaics.
See more about this article by clicking the link here: https://news.ycombinator.com/item?id=10217397
anarazel comments on "A seccomp overview"