Packages with the seccomp use flag

Global definition: Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs.

app-admin / clsync : Live sync tool based on inotify, written in GNU C

app-emulation / containerd : A daemon to control runC

app-emulation / cri-o : OCI-based implementation of Kubernetes Container Runtime Interface

app-emulation / docker : The core functions you need to create Docker images and run Docker containers

app-emulation / docker-runc : runc container cli tools (docker fork)

app-emulation / img : Standalone daemon-less unprivileged Dockerfile and OCI container image builder

app-emulation / lxc : LinuX Containers userspace utilities

app-emulation / qemu : QEMU + Kernel-based Virtual Machine userland tools

app-emulation / runc : runc container cli tools

app-misc / pax-utils : ELF utils that can check files for security relevant properties

app-misc / tracker-miners : Collection of data extractors for Tracker/Nepomuk

app-text / zathura : A highly customizable and functional document viewer

gnome-base / gnome-desktop : Library with common API for various GNOME modules

gnome-base / nautilus : Default file manager for the GNOME desktop

kde-plasma / kscreenlocker : Library and components for secure lock screen architecture

net-dns / bind : BIND - Berkeley Internet Name Domain - Name Server

net-dns / bind-tools : bind tools: dig, nslookup, host, nsupdate, dnssec-keygen

net-libs / gnutls : A TLS 1.2 and SSL 3.0 implementation for the GNU project

net-misc / chrony : NTP client and server programs

net-misc / lldpd : Implementation of IEEE 802.1ab (LLDP)

net-misc / memcached : High-performance, distributed memory object caching system

net-misc / ntpsec : The NTP reference implementation, refactored

net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan

net-vpn / tor : Anonymizing overlay network for TCP

sys-apps / file : identify a file's format by scanning binary data for patterns

sys-apps / firejail : Security sandbox for any type of processes

  • Enable system call filtering

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS branch

  • Enable system call filtering

sys-apps / man-db : a man replacement that utilizes berkdb instead of flat files

sys-apps / minijail : helper binary and library for sandboxing & restricting privs of service

sys-apps / sydbox : ptrace-based sandbox

sys-apps / systemd : System and service manager for Linux

x11-misc / xwallpaper : Wallpaper setting utility for X