Paul Chaignon's GSoC status report - #10 of 12
Paul Chaignon
paul.chaignon at gmail.com
Mon Aug 5 19:44:46 UTC 2019
Hi all,
Accomplishments:
- Set up new aarch64 board to run tests for seccomp patchset. It looks
okay so far. I found one issue with the AUDIT_ARCH_XXX constants
(discussed on the mailing list).
- Sent v2 RFC for seccomp patchset. I started addressing reviews and
other bugs I found while re-reading (including: warning for
"seccomp-filter requested but unavailable" is always displayed).
- Started working on the subsequent patchset that introduces the other
strategies and choose the best based on the number of instructions
generated in each case.
- Started setting up a test that actually checks seccomp filtering is
enabled by comparing the number of syscalls performed in a fixed
duration with and without -n. Current tests for seccomp filtering
succeeds even if seccomp filter is always disabled.
Priorities:
- Finish new test for seccomp filtering.
- Compare size and speed of BPF programs for a single syscall, all syscall
classes, and all-but-one syscall on x86-64 and aarch64. I'll decide
which program generation strategy to include in the v3 patchset based on
that, and we'll send other strategies in subsequent patchset. I'm
planning on sending a separate email with the evaluation results.
- Send non-RFC v3.
Paul
More information about the Strace-devel
mailing list