[PATCH v5 1/3] Introduce seccomp-assisted syscall filtering
Dmitry V. Levin
ldv at altlinux.org
Sat Sep 21 21:40:03 UTC 2019
On Sat, Sep 21, 2019 at 10:52:56PM +0200, Paul Chaignon wrote:
> On Sat, Sep 21, 2019 at 07:02:24PM +0300, Dmitry V. Levin wrote:
> > From: Chen Jingpiao <chenjingpiao at gmail.com>
> >
> > With this patch, strace can rely on seccomp to only be stopped at syscalls
> > of interest, instead of stopping at all syscalls. The seccomp filtering
> > of syscalls is opt-in only; it must be enabled with the -n option. Kernel
> > support is first checked with check_seccomp_filter(), which also ensures
> > the BPF program derived from the syscalls to filter is not larger than the
> > kernel's limit.
>
> [...]
>
> > +#else /* !HAVE_LINUX_SECCOMP_H */
> > +
> > +# warning <linux/seccomp.h> is not available, seccomp filtering is not supported
> > +
> > +static void
> > +check_seccomp_filter_properties(void)
> > +{
> > + seccomp_filtering = false;
> > +}
> > +
> > +void
> > +init_seccomp_filter(void)
> > +{
> > +}
> > +
> > +int
> > +seccomp_filter_restart_operator(const struct tcb *tcp)
> > +{
> > + return PTRACE_SYSCALL;
> > +}
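Review bot: the fallback `seccomp_filter_restart_operator` never uses its `tcp` parameter, so builds with -Wunused-parameter will warn on this `#else` branch; either mark the parameter unused (with the tree's unused-attribute macro, if one exists) or leave it unnamed. Also, `check_seccomp_filter_properties` here silently sets `seccomp_filtering = false`, so a user who passes `-n` on a build without `<linux/seccomp.h>` gets ordinary ptrace stops with no diagnostic; consider reporting that seccomp filtering was requested but is not supported in this build rather than falling back quietly.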
>
> Should these be made "static inline"? They're only called at startup, so
> it's probably fine.
The HAVE_LINUX_SECCOMP_H version of seccomp_filter_restart_operator
is less trivial; moving it to filter_seccomp.h would require exposing
traced_by_seccomp, and I'm not sure we want it.
--
ldv
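The patch description quoted above explains the mechanism (stop only at syscalls of interest, and check the derived BPF program against the kernel's limit) while the quoted hunk shows only the fallback. The following is an added example, not strace's code and not part of this thread: a classic-BPF seccomp program that returns SECCOMP_RET_TRACE for a constructed list of syscalls and SECCOMP_RET_ALLOW for everything else, validated against BPF_MAXINSNS before it could be installed. The names trace_filter, trace_filter_fits, build_trace_filter, run_trace_filter and install_trace_filter, and the linear one-JEQ-per-syscall layout, are this example's own choices and do not reflect how strace's filter is laid out.

```c
/* Added example, not strace's code: build the kind of seccomp program the
 * patch describes and check it against the kernel limit before use. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef BPF_MAXINSNS
# define BPF_MAXINSNS 4096		/* kernel limit on a classic BPF program */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
# define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL	/* pre-4.14 headers */
#endif

#if defined(__x86_64__)
# define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
# define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
# define NATIVE_AUDIT_ARCH AUDIT_ARCH_I386
#else
# error "add the AUDIT_ARCH_* value for this architecture"
#endif

struct trace_filter {			/* example's own type, not strace's */
	struct sock_filter insns[BPF_MAXINSNS];
	size_t len;
};

/* One JEQ per traced syscall with 8-bit jump offsets: at most 255 entries,
 * plus 6 fixed instructions, and the whole thing must fit BPF_MAXINSNS. */
bool
trace_filter_fits(size_t ntraced)
{
	return ntraced <= 255 && ntraced + 6 <= BPF_MAXINSNS;
}

static void
emit(struct trace_filter *f, struct sock_filter insn)
{
	f->insns[f->len++] = insn;
}

/* Layout: 0 LD arch; 1 JEQ arch ? +1 : +0; 2 RET KILL_PROCESS; 3 LD nr;
 * 4+i JEQ traced[i] ? +(n-i) : +0; 4+n RET ALLOW; 5+n RET TRACE. */
bool
build_trace_filter(struct trace_filter *f, uint32_t arch,
		   const unsigned int *traced, size_t ntraced)
{
	if (!trace_filter_fits(ntraced))
		return false;
	f->len = 0;
	emit(f, (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
		offsetof(struct seccomp_data, arch)));
	emit(f, (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, arch, 1, 0));
	emit(f, (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
	emit(f, (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
		offsetof(struct seccomp_data, nr)));
	for (size_t i = 0; i < ntraced; i++)	/* every hit jumps to RET TRACE */
		emit(f, (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
			traced[i], (uint8_t) (ntraced - i), 0));
	emit(f, (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
	emit(f, (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE));
	return true;
}

/* Toy interpreter for the three instruction kinds emitted above, so the
 * program's decision for (arch, nr) can be checked without installing it. */
uint32_t
run_trace_filter(const struct trace_filter *f, uint32_t arch, uint32_t nr)
{
	uint32_t acc = 0;
	for (size_t pc = 0; pc < f->len; ) {
		const struct sock_filter *in = &f->insns[pc];
		switch (in->code) {
		case BPF_LD | BPF_W | BPF_ABS:
			if (in->k == offsetof(struct seccomp_data, arch))
				acc = arch;
			else if (in->k == offsetof(struct seccomp_data, nr))
				acc = nr;
			else
				return SECCOMP_RET_KILL_PROCESS;	/* field not modelled */
			pc++;
			break;
		case BPF_JMP | BPF_JEQ | BPF_K:
			pc += 1 + (acc == in->k ? in->jt : in->jf);
			break;
		case BPF_RET | BPF_K:
			return in->k;
		default:
			return SECCOMP_RET_KILL_PROCESS;	/* opcode not modelled */
		}
	}
	return SECCOMP_RET_KILL_PROCESS;	/* ran off the end: malformed program */
}

/* Install in the calling process. Only sensible in a tracee that already has
 * a tracer: without one, a SECCOMP_RET_TRACE syscall fails with ENOSYS. */
int
install_trace_filter(const struct trace_filter *f)
{
	struct sock_fprog prog = {
		.len = (unsigned short) f->len,
		.filter = (struct sock_filter *) f->insns,	/* API takes non-const */
	};
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
		return -1;
	return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int
main(void)
{
	/* Constructed list of syscalls to stop at; everything else runs freely. */
	static const unsigned int traced[] = { SYS_openat, SYS_execve, SYS_connect };
	struct trace_filter f;
	if (!build_trace_filter(&f, NATIVE_AUDIT_ARCH, traced, 3))
		return 1;
	printf("%zu insns; openat -> %#x, read -> %#x\n", f.len,
	       run_trace_filter(&f, NATIVE_AUDIT_ARCH, SYS_openat),
	       run_trace_filter(&f, NATIVE_AUDIT_ARCH, SYS_read));
	return 0;	/* a tracee would call install_trace_filter(&f) here */
}
```

The size check is the role the commit message assigns to check_seccomp_filter(): it has to run before the filter is handed to the kernel, because an over-long program is rejected at install time, after the tracee has already committed to being filtered. The linear layout is the simplest correct encoding, not the most compact one; anything with more than 255 syscalls needs a different jump structure.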