Paul Chaignon's GSoC status report - #10 of 12

Paul Chaignon paul.chaignon at
Mon Aug 5 19:44:46 UTC 2019

Hi all,

- Set up new aarch64 board to run tests for seccomp patchset.  It looks
  okay so far.  I found one issue with the AUDIT_ARCH_XXX constants
  (discussed on the mailing list).
- Sent v2 RFC for seccomp patchset.  I started addressing reviews and
  other bugs I found while re-reading (including: warning for
  "seccomp-filter requested but unavailable" is always displayed).
- Started working on the subsequent patchset that introduces the other
  strategies and choose the best based on the number of instructions
  generated in each case.
- Started setting up a test that actually checks seccomp filtering is
  enabled by comparing the number of syscalls performed in a fixed
  duration with and without -n.  Current tests for seccomp filtering
  succeeds even if seccomp filter is always disabled.

- Finish new test for seccomp filtering.
- Compare size and speed of BPF programs for a single syscall, all syscall
  classes, and all-but-one syscall on x86-64 and aarch64.  I'll decide
  which program generation strategy to include in the v3 patchset based on
  that, and we'll send other strategies in subsequent patchset.  I'm
  planning on sending a separate email with the evaluation results.
- Send non-RFC v3.


More information about the Strace-devel mailing list