[PATCH v6 1/3] Introduce seccomp-assisted syscall filtering
Dmitry V. Levin
ldv at altlinux.org
Mon Sep 23 09:28:44 UTC 2019
On Mon, Sep 23, 2019 at 10:04:15AM +0200, Paul Chaignon wrote:
> On Mon, Sep 23, 2019 at 12:22:09AM +0300, Dmitry V. Levin wrote:
> > On Mon, Sep 23, 2019 at 12:00:54AM +0300, Dmitry V. Levin wrote:
> > > On Sun, Sep 22, 2019 at 10:13:29PM +0200, Paul Chaignon wrote:
> > [...]
> > > > + if (seccomp_filtering) {
> > > > + if ((opt_p && !argc) || debug_flag)
> > >
> > > I think we can avoid introducing opt_p and check nprocs instead.
> > >
> > > > + error_msg("-n is ineffective on processes attached with -p");
> > >
> > > It's not just ineffective, it's not enabled for these processes.
> >
> > Looks like it makes sense to print diagnostics regardless of argc and
> > debug_flag.
>
> Since strace -fn -p $(pidof ...) cmd is a legitimate use of strace and the
> new feature, I thought we might not want to print a warning every single
> time someone uses that command. That's why I switched to a debug message
> when both -p and cmd are used.
In that case the check should rather be (!argc || debug_flag).
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20190923/c06a8043/attachment.bin>
More information about the Strace-devel
mailing list