seccomp filters: Why kill?

Kyle Fazzari kyle.fazzari at canonical.com
Fri Apr 8 15:23:41 UTC 2016



On 04/07/2016 02:19 PM, Jamie Strandboge wrote:
> On Tue, 2016-04-05 at 09:01 -0500, Jamie Strandboge wrote:
>> I'm inclined to just queue this up in the next launcher upload.
>>
> FYI, this will not be in the next upload as seccomp doesn't currently support
> logging with ERRNO(EPERM). I've discussed this with upstream and they are
> considering updating seccomp for this. If that happens, we'll need to add this
> patch to the list of required patches for snappy kernels, update libseccomp and
> then adjust the launcher.
> 
> Note, the lack of seccomp logging also has an impact on developer mode since
> only KILL is logged. I'm discussing this with upstream as well.

Ah, darn. To be clear, the logging for ERRNO is missing support in both
libseccomp and the kernel?

--
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
kyle at canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160408/43bed4bf/attachment.pgp>


More information about the snappy-devel mailing list