[PATCH v6 3/6] seccomp: Sysctl to configure actions that are allowed to be logged

2017-08-10 Thread Tyler Hicks
Administrators can write to this sysctl to set the seccomp actions that are allowed to be logged. Any actions not found in this sysctl will not be logged. For example, all SECCOMP_RET_KILL, SECCOMP_RET_TRAP, and SECCOMP_RET_ERRNO actions would be loggable if "kill trap errno" were written to the sy
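
As an added illustration of the semantics the commit message describes, and not the patch's own handler or any code from the thread: a user-space model of the sysctl string. It parses a space-separated list of action names into a bitmask, answers "may this filter return value be logged?" for that mask, and renders the mask back in the same form for the read side. The SECCOMP_RET_* values are the ones from the kernel's uapi linux/seccomp.h; the names trace and allow (beyond the kill, trap and errno the message names), the table order, the rejection of unknown or repeated names, and the bit assignments are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Action values as defined in the kernel's uapi <linux/seccomp.h>. */
#define SECCOMP_RET_KILL_THREAD 0x00000000U
#define SECCOMP_RET_KILL        SECCOMP_RET_KILL_THREAD
#define SECCOMP_RET_TRAP        0x00030000U
#define SECCOMP_RET_ERRNO       0x00050000U
#define SECCOMP_RET_TRACE       0x7ff00000U
#define SECCOMP_RET_ALLOW       0x7fff0000U
#define SECCOMP_RET_ACTION_FULL 0xffff0000U /* action bits; low 16 bits carry data */

/* Name table. The thread names kill, trap and errno; trace and allow are
 * assumed here. Entry i owns bit (1U << i) of the mask (this example's
 * bookkeeping, not the kernel's). */
static const struct { const char *name; uint32_t action; } log_names[] = {
    { "kill",  SECCOMP_RET_KILL  },
    { "trap",  SECCOMP_RET_TRAP  },
    { "errno", SECCOMP_RET_ERRNO },
    { "trace", SECCOMP_RET_TRACE },
    { "allow", SECCOMP_RET_ALLOW },
};
#define NLOG_NAMES (sizeof log_names / sizeof log_names[0])

/* Parse a space-separated list of action names into *mask. Returns false
 * and leaves *mask untouched on an unknown or repeated name or an over-long
 * string, so a typo cannot silently turn logging off for everything.
 * An empty list is valid and means: log nothing. */
bool actions_logged_parse(const char *str, uint32_t *mask)
{
    char buf[128];
    uint32_t m = 0;

    if (strlen(str) >= sizeof buf)
        return false;
    strcpy(buf, str);

    for (char *tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        size_t i;
        for (i = 0; i < NLOG_NAMES; i++)
            if (strcmp(tok, log_names[i].name) == 0)
                break;
        if (i == NLOG_NAMES || (m & (1U << i)))
            return false;
        m |= 1U << i;
    }
    *mask = m;
    return true;
}

/* Does the mask permit logging a filter's return value? Only the action
 * bits count: the errno value or trace cookie in the low 16 bits is masked
 * off first. Unknown actions are never logged. */
bool action_is_loggable(uint32_t mask, uint32_t ret)
{
    uint32_t action = ret & SECCOMP_RET_ACTION_FULL;
    for (size_t i = 0; i < NLOG_NAMES; i++)
        if (log_names[i].action == action)
            return (mask & (1U << i)) != 0;
    return false;
}

/* Parse a setting and ask about one return value in a single step. A setting
 * that fails to parse counts as "not loggable". */
bool loggable_under(const char *setting, uint32_t ret)
{
    uint32_t mask;
    return actions_logged_parse(setting, &mask) && action_is_loggable(mask, ret);
}

/* Render the mask back as a space-separated list in table order (the read
 * side of the sysctl). Returns the length written, or -1 if buf is too small. */
int actions_logged_format(uint32_t mask, char *buf, size_t len)
{
    size_t used = 0;
    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < NLOG_NAMES; i++) {
        if (!(mask & (1U << i)))
            continue;
        int n = snprintf(buf + used, len - used, "%s%s", used ? " " : "", log_names[i].name);
        if (n < 0 || (size_t)n >= len - used)
            return -1;
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    uint32_t mask;
    char out[64];
    const char *setting = "kill trap errno"; /* the commit message's example */

    if (!actions_logged_parse(setting, &mask))
        return 1;
    actions_logged_format(mask, out, sizeof out);
    printf("actions_logged = \"%s\"\n", out);
    printf("RET_KILL loggable:      %d\n", action_is_loggable(mask, SECCOMP_RET_KILL));
    printf("RET_ERRNO|13 loggable:  %d\n", action_is_loggable(mask, SECCOMP_RET_ERRNO | 13));
    printf("RET_TRACE loggable:     %d\n", action_is_loggable(mask, SECCOMP_RET_TRACE));
    return 0;
}
```

Two things to note when comparing this against the real handler: the kernel compares only the action bits, which is why the errno 13 return above is still matched as "errno", and this model does not force "kill" on regardless of what was written, which is exactly the question Kees raises later in the thread.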

Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are allowed to be logged

2017-08-11 Thread Kees Cook
On Thu, Aug 10, 2017 at 9:33 PM, Tyler Hicks wrote: > +static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int > write, > + void __user *buffer, size_t *lenp, > + loff_t *ppos) > +{ > + char na

Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are allowed to be logged

2017-08-11 Thread Tyler Hicks
On 08/11/2017 02:17 PM, Kees Cook wrote: > On Thu, Aug 10, 2017 at 9:33 PM, Tyler Hicks wrote: >> +static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int >> write, >> + void __user *buffer, size_t *lenp, >> +

Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are allowed to be logged

2017-08-11 Thread Kees Cook
On Fri, Aug 11, 2017 at 12:33 PM, Tyler Hicks wrote: > On 08/11/2017 02:17 PM, Kees Cook wrote: >> One thought here: should "kill" be always forced on during a write? >> This flag effectively cannot be disabled, so listing it (or not) in >> the sysctl may be confusing... > > "kill" can be silenced