MONDAY, APRIL 20, 2026 GLIBC DIGEST · OPEN-SOURCE SYSTEMS DAILY VOL. 1 · NO. 110
Late Edition · APRIL 20, 2026 · VOL. 1 · NO. 110
The glibc Digest
— A Daily Record of the GNU C Library —
WEDNESDAY, FEBRUARY 11, 2026
glibc Stalled

Add system-wide tunables: Filters

Adds filters to system-wide tunables based on process name and security status (AT_SECURE), limiting tunable application to matching processes.

By DJ Delorie <[email protected]> February 11, 2026 Sentiment 5 / 10

This patch adds support for filtering tunables based on the process executable path (matching /proc/self/exe or argv[0]) and the AT_SECURE flag. Tunables defined after a filter line apply only to matching processes. Filters can match either the full path or the basename. Support for filtering based on the presence or absence of AT_SECURE is also added.

Technical Tradeoffs

  • Enables fine-grained control but increases configuration complexity.
  • Filtering based on process name might not be reliable in all cases.
  • Adds overhead to tunable application due to filter evaluation.
Filed Under: tunablesfilterssecurityconfigurationapplication-specific
View Original Thread →