On Wed, Feb 26, 2014 at 04:28:43AM +0000, Shawn Routhier via RT wrote:
> On Mon Feb 24 12:51:27 2014, logan@elandsys.com wrote:
> 
> >
> > I saw that DHCP 4.3.0 was released. I would like to know if there is
> > interest in the sandboxing patch for the next release of ISC-dhcpd.
> >
> > I've made further improvements to it.
> >
> 
> We are interested in it, but I have been allowing the Bind9 team to work on and
> review the version of it you did for Bind9. After they complete their effort we
> shall evaluate it and probably include something similar in DHCP. I would like
> the two of them to use a similar style to allow for slightly easier updating in
> the future.

Hi Shawn,

I've updated the diff to shape it closer to what Evan did.

> 
> I do have some concerns about how difficult it will be to keep the code up to
> date, but believe if the patch is written to require the admin to enable it at
> configuration or run time it should be acceptable.
> 

I have the same concerns, and that's why we've been talking to the bind team
about a mailing list for contributors to test the sandbox each each release is
close.

Since we use dhcpd and bind in production environments, we're happy to push
any changes upstream, and report issues, as we run with seccomp enabled on
Linux servers.

Kind regards,
//Logan