[PATCH v7 0/3] Seccomp-assisted syscall filtering
Paul Chaignon
paul.chaignon at gmail.com
Wed Sep 25 09:03:32 UTC 2019
On Wed, Sep 25, 2019 at 03:35:52AM +0300, Dmitry V. Levin wrote:
> On Wed, Sep 25, 2019 at 01:16:37AM +0300, Dmitry V. Levin wrote:
> > On Tue, Sep 24, 2019 at 08:26:57PM +0200, Paul Chaignon wrote:
> > > On Tue, Sep 24, 2019 at 09:13:56PM +0300, Dmitry V. Levin wrote:
> > > > On Mon, Sep 23, 2019 at 02:01:53PM +0200, Paul Chaignon wrote:
> > >
> > > [...]
> > >
> > > > Thanks, I think this is ready for master.
> > >
> > > Great!
> > >
> > > > My only reservation is that the name of -n option
> > > > has no connotation of seccomp-bpf.
> > >
> > > I agree. I kept it from the original patchset by lack of a better idea
> > > only.
> >
> > What do you think about introducing --seccomp option instead of -n?
>
> Or even --seccomp-bpf, assuming that it can be abbreviated up to --s?
I'm fine with both. I didn't really consider several-letters names, but
it's probably best given that this is an experimental feature.
Are you sure about the --s shortcut though? It's a bit close to the
existing -s option... Not having a shortcut might be fine if we're going
to enable seccomp-bpf filtering by default in the future (or if we end up
removing it).
Paul
More information about the Strace-devel
mailing list