Colin Ian King colin.king at
Fri Oct 6 16:33:48 UTC 2017

 On 06.10.2017 06:44, Tyler Hicks wrote:
> This is a backport of a patch set that improves seccomp logging controls for
> applications and for adminstrators. Snappy needs these patches in order to
> provide proper logging of syscalls that are not allowed while running in
> developer mode (LP: #1567597). Snappy also needs these patches in order to move
> away from the default action of killing snaps when they bump into the sandbox
> walls and, instead, return an errno that is properly logged (LP: #1721676).
> The patches have been acked by seccomp maintainer Kees Cook and they've been
> merged into 4.14:
> See the test case descriptions in the bugs mentioned above for a list of
> successful tests that I've performed (they all pass).
Similar to Stefan's comments.  The backports and cherry picks look good
to me.  Given that these are from upstream, have been tested and are
from trusted developers I'm OK with these changes even though they are a
large changeset and I'm not 100% sure if these changes are fully correct
because I don't have the seccomp domain knowledge.

Acked-by: Colin Ian King <colin.king at>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 837 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the kernel-team mailing list