ACK: [SRU][XENIAL][PATCH 0/7]
Colin Ian King
colin.king at canonical.com
Fri Oct 6 08:49:39 UTC 2017
On 06/10/17 05:43, Tyler Hicks wrote:
> This is a backport of a patch set that improves seccomp logging controls for
> applications and for adminstrators. Snappy needs these patches in order to
> provide proper logging of syscalls that are not allowed while running in
> developer mode (LP: #1567597). Snappy also needs these patches in order to move
> away from the default action of killing snaps when they bump into the sandbox
> walls and, instead, return an errno that is properly logged (LP: #1721676).
> The patches have been acked by seccomp maintainer Kees Cook and they've been
> merged into 4.14:
> See the test case descriptions in the bugs mentioned above for a list of
> successful tests that I've performed (they all pass).
Similar to Stefan's comments. The backports and cherry picks look good
to me. Given that these are from upstream, have been tested and are
from trusted developers I'm OK with these changes even though they are a
large changeset and I'm not 100% sure if these changes are fully correct
because I don't have the seccomp domain knowledge.
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team