by jeffbee 1402 days ago
It might be worth it in certain cases of extreme security requirements, but the implications of what you suggest are severe. For example, you've ruled out the convenience of many operator actions. Instead of being able to change your resolver configs, first you'd have to change the resolver configs in the training environment, deploy a model that permits the old and new behavior into prod, then finally deploy your new configs. The same would be true for other things like timezone database updates. Any kind of external stimulus that changes your application's syscall pattern would require such forethought, and it could be a DoS vector.

Also, I think people underestimate the runtime cost of Linux syscall tracing. It's pretty high.