Paul Chaignon's GSoC status report - #4 of 12

Paul Chaignon paul.chaignon at
Mon Jun 24 19:12:12 UTC 2019

Hi all,

- Addressed most comments on v4 of the status patchset.  I'm waiting for the
  answers to a few questions to send the v5.  I'll probably send it before end
  of week otherwise.
- Debugged the issue with some tests returning ENOSYS.  Under seccomp, this is
  the expected error code for an absent tracer.  Turns out it had nothing to do
  with that this time: tracee was restarted with PTRACE_SYSCALL instead of
  PTRACE_CONT leading to strace trying to decode seccomp-stop event as a
  syscall-exit-stop event.  I introduced the bug while refactoring.
- Built a bcc tool [1] to help debug the above issue.  The tool traces
  __seccomp_filter with kprobes/BPF to infer the seccomp action (e.g.,
  RET_TRACE or RET_ALLOW).  I'll probably submit it to the bcc repository after
  the end of GSoC if it proves to be stable enough.
- While going through the patched test suite (see previous GSoC report), I
  noticed that several tests with fork() or threads but without the -f option
  were failing.  These are failing because children tasks inherit the seccomp
  filter of parent tasks.  Thus, if tracing a multi-task process with strace -n
  (i.e., seccomp filtering enabled), we should make sure that -f is enabled so
  that all tasks have a proper tracer.  The current patchset errors out when -n
  is given without -f.  While this propagation of seccomp filters to children
  tasks makes sense for sandboxing, it might be worth having an option in the
  kernel to disable propagation for tracing use cases.  Without such an option
  in the Linux API, strace will only be able to use seccomp filtering when -f
  is set.  What do you think?  Should I send an RFC patch to the kernel after
  my main seccomp tasks are finished?

- Finish writing the execve test case for seccomp filtering.
- Rework the commit history and send the RFC patchset for seccomp filtering.
- Send v5 of the status patchset.


1 -

More information about the Strace-devel mailing list