[PATCH v3 0/2] filter_seccomp: new bpf generation strategy
Paul Chaignon
paul.chaignon at gmail.com
Mon Nov 4 11:36:07 UTC 2019
On Sun, Nov 03, 2019 at 07:01:24PM +0300, Dmitry V. Levin wrote:
> On Thu, Oct 31, 2019 at 08:55:12PM +0100, Paul Chaignon wrote:
[...]
> > Paul Chaignon (2):
> > filter_seccomp: list of seccomp filter generation strategies
> > filter_seccomp: binary match generation strategy
> >
> > filter_seccomp.c | 207 ++++++++++++++++++++++++++++++++++++++++++++---
> > 1 file changed, 195 insertions(+), 12 deletions(-)
>
> It's now merged into master, thanks!
Thanks!
>
> We still can do better with test coverage of these new features, though.
Any specific cases you'd like us to test?
The third test case in tests/filter_seccomp.in should already be
triggering the use of the new binary match strategy. (Not that I think
it's enough.)
Some of the corner cases are also a bit hard to test (e.g., jump offset
overflow and oversized filter) because I currently am unable to come up
with a trace set that triggers them.
I had a look at the Codecov reporting, but it looks kinda weird:
exec_or_die() is supposedly never executed, as if Codecov is only tracing
the tracer process...?
Paul
More information about the Strace-devel
mailing list