seccomp filters: Why kill?

Kyle Fazzari kyle.fazzari at
Fri Apr 8 15:23:41 UTC 2016

On 04/07/2016 02:19 PM, Jamie Strandboge wrote:
> On Tue, 2016-04-05 at 09:01 -0500, Jamie Strandboge wrote:
>> I'm inclined to just queue this up in the next launcher upload.
> FYI, this will not be in the next upload as seccomp doesn't currently support
> logging with ERRNO(EPERM). I've discussed this with upstream and they are
> considering updating seccomp for this. If that happens, we'll need to add this
> patch to the list of required patches for snappy kernels, update libseccomp and
> then adjust the launcher.
> Note, the lack of seccomp logging also has an impact on developer mode since
> only KILL is logged. I'm discussing this with upstream as well.

Ah, darn. To be clear, the logging for ERRNO is missing support in both
libseccomp and the kernel?

Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
kyle at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the snappy-devel mailing list