[PATCH v5 1/3] Introduce seccomp-assisted syscall filtering
Paul Chaignon
paul.chaignon at gmail.com
Sun Sep 22 08:49:10 UTC 2019
On Sat, Sep 21, 2019 at 07:57:21PM +0300, Dmitry V. Levin wrote:
> On Sat, Sep 21, 2019 at 07:02:24PM +0300, Dmitry V. Levin wrote:
> [...]
> > @@ -1759,6 +1768,11 @@ init(int argc, char *argv[])
> > error_msg_and_help("PROG [ARGS] must be specified with -D");
> > }
> >
> > + if (seccomp_filtering && !followfork) {
> > + error_msg("-n implies -f");
> > + followfork = 1;
> > + }
> > +
> > if (optF) {
> > if (followfork) {
> > error_msg("deprecated option -F ignored");
>
> Looks like -n is currently not compatible with -p, compare e.g.
>
> ./set_ptracer_any ./sleep 1 & ../strace -n -f -qq -e trace=exit_group -p $!
> and
> ./set_ptracer_any ./sleep 1 & ../strace -f -qq -e trace=exit_group -p $!
No, it's not. As far as I know, there is currently no way to attach a
seccomp-bpf filter to a running process. We'll need to add an error
message.
Paul
More information about the Strace-devel
mailing list