Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9456

Set `SCMP_FLTATR_CTL_LOG` attribute during initialization of Seccomp context

    XMLWordPrintableJSON

Details

    Description

      Since version 4.14 the Linux kernel supports SECCOMP_FILTER_FLAG_LOG flag which can be used for enabling logging for all Seccomp filter operations except SECCOMP_RET_ALLOW. If a Seccomp filter does not allow the system call, then the kernel will print a message into dmesg during invocation of this system call.

      At the moment libseccomp ver. 2.3.3 does not provide this flag, but the latest master branch of libseccomp supports SECCOMP_FILTER_FLAG_LOG. So, we need to add

      seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1);

      into `SeccompFilter::create()` when the newest version of libseccomp will be released (v2.3.4+).

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            abudnik Andrei Budnik
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: