tyhicks at canonical.com
Fri Oct 6 04:43:42 UTC 2017
This is a backport of a patch set that improves seccomp logging controls for
applications and for administrators. Snappy needs these patches in order to
provide proper logging of syscalls that are not allowed while running in
developer mode (LP: #1567597). Snappy also needs these patches in order to move
away from the default action of killing snaps when they bump into the sandbox
walls and, instead, return an errno that is properly logged (LP: #1721676).
The patches have been acked by seccomp maintainer Kees Cook and they've been
merged into 4.14:
See the test case descriptions in the bugs mentioned above for a list of
successful tests that I've performed (they all pass).