seccomp filters: Why kill?

Jamie Strandboge jamie at canonical.com
Mon Apr 4 19:33:36 UTC 2016


On Mon, 2016-04-04 at 14:56 -0400, Kyle Fazzari wrote:
> On 04/04/2016 02:03 PM, Jamie Strandboge wrote:
> > 
> > On Mon, 2016-04-04 at 08:23 -0400, Kyle Fazzari wrote:
> > > 
> > > 
> > > Often times the syscalls being made aren't strictly required (e.g. MySQL
> > > trying to control its thread priorities with `setpriority()`), which
> > > typically leads to my starting with (2) and moving to (3).
> > FYI, this particular syscall is going to be allowed soon once seccomp
> > argument
> > filtering lands, which should be before 16.04 release.
> That's good to know, thank you!
> 
> > 
> > The decision on which to use (KILL vs ERRNO) was an active one back in
> > Capetown 2014
> > sprint (iirc), but perhaps it is time to revisit it based on this feedback.
> > AppArmor uses deny and log so to me it makes some sense to do the same with
> > seccomp.
> I agree. I also imagine upstream contributions to deal with ERRNO will
> be viewed as making things more robust rather than "make this work with
> Snappy." Do you remember the original rational for using KILL?
> 
I do not; perhaps others on this list do.

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160404/776819bf/attachment.pgp>


More information about the snappy-devel mailing list