Deprecate x86 support.
There's lots of reasons why this is a good idea:
- Weaker ASLR.
- Seccomp related headaches.
- I wanted to use
gosecco
to do runtime seccomp rule generation, but it only supports amd64. -
libseccomp2
shipped on Debian stable generates wrong code on amd64, so the current workaround of pre-generating compiled bpf at build time usinglibseccomp2
from backports precludes runtime code generation, degrading sandbox effectiveness across all platforms. - x86 systems can't effectively filter out arguments to a lot of socket related system calls because of
socketcall()
.
- I wanted to use
- Supporting hardware I don't have, running software I don't use, to ultimately obtain results that are empirically worse than the other supported platform is a poor use of development time.
- Tails gave up on supporting 32 bit userland (https://labs.riseup.net/code/issues/8183).