[PATCH v6 1/3] Introduce seccomp-assisted syscall filtering

Dmitry V. Levin ldv at altlinux.org
Sun Sep 22 21:22:09 UTC 2019


On Mon, Sep 23, 2019 at 12:00:54AM +0300, Dmitry V. Levin wrote:
> On Sun, Sep 22, 2019 at 10:13:29PM +0200, Paul Chaignon wrote:
[...]
> > +	if (seccomp_filtering) {
> > +		if ((opt_p && !argc) || debug_flag)
> 
> I think we can avoid introducing opt_p and check nprocs instead.
> 
> > +			error_msg("-n is ineffective on processes attached with -p");
> 
> It's not just ineffective, it's not enabled for these processes.

Looks like it makes sense to print diagnostics regardless of argc and
debug_flag.


-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20190923/c551f295/attachment.bin>


More information about the Strace-devel mailing list