On Tue, Feb 09, 2021 at 12:56:27AM +0100, Ivo De Decker wrote: > I was wondering if there is a way to make it clear that the seccomp filter > has actually blocked something, perhaps by showing a warning. That would > make it easier to debug something like this in the future. Maybe that should > be a separate (wishlist) bug.
It's worth a separate bug report, yes. When I initially added seccomp support to man-db, this would have been pretty hard, but I think the SCMP_FLTATR_CTL_LOG attribute that libseccomp supports nowadays would make it possible to at least have the kernel log something to dmesg, which is probably the best that can be done. (I haven't tested that as yet, though.) -- Colin Watson (he/him) [cjwat...@debian.org]
