This adds the seccomp_filter.c file which: - Adds some default verification statments at the start of the Seccomp BPF filter - Splits the seccomp_filter value string into rules, and for each rule: - checks if an explicit policy was added to the rule - looks up the policy (if applicable) - Looks up the errno given (if applicable) - Looks up the syscall number - Adds a Seccomp BPF filter rules accordingly - Adds some rules at the end for the syscalls that have to be enabled (syscalls required to be able to "exec" a process and to properly exit it) - Installs the BPF filter
0003-init-seccomp_filter_c.diff
Description: Binary data
-- upstart-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/upstart-devel
