[SRU][XENIAL][PATCH 0/7]
Tyler Hicks
tyhicks at canonical.com
Fri Oct 6 04:43:42 UTC 2017
This is a backport of a patch set that improves seccomp logging controls for
applications and for adminstrators. Snappy needs these patches in order to
provide proper logging of syscalls that are not allowed while running in
developer mode (LP: #1567597). Snappy also needs these patches in order to move
away from the default action of killing snaps when they bump into the sandbox
walls and, instead, return an errno that is properly logged (LP: #1721676).
The patches have been acked by seccomp maintainer Kees Cook and they've been
merged into 4.14:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0a3a64e723324ae6dda53214061a71de63808c3
See the test case descriptions in the bugs mentioned above for a list of
successful tests that I've performed (they all pass).
Thanks!
Tyler
More information about the kernel-team
mailing list