Log blocked syscall #5110

rusty-snake · 2022-04-20T17:50:54Z

By default (kernel default) only blocked syscall are only logged if --seccomp-error-action is kill or log but not Errno(EPERM).

Load seccomp filter with syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, &fl->prog) on supported kernels (>=4.14).

N/A

The text was updated successfully, but these errors were encountered:

netblue30 · 2022-04-21T15:43:15Z

I'll look into it!

netblue30 · 2022-05-20T12:10:29Z

All set!

rusty-snake · 2022-05-20T12:52:38Z

Relates to #5110.

rusty-snake added the enhancement New feature request label Apr 20, 2022

netblue30 added a commit that referenced this issue May 9, 2022

always log seccomp errors (#5110)

a3f00ed

netblue30 added the in testing A bugfix that is being tested label May 20, 2022

kmk3 added a commit that referenced this issue Jun 8, 2022

RELNOTES: add feature: always log seccomp errors

6984ad4

Relates to #5110.

EdiDD mentioned this issue Jun 17, 2022

Flood of seccomp audit log entries #5207

Closed

netblue30 closed this as completed Jun 20, 2022

rusty-snake removed the in testing A bugfix that is being tested label Jun 21, 2022

kmk3 added this to Release 0.9.70 Sep 2, 2024

kmk3 moved this to Done (on RELNOTES) in Release 0.9.70 Sep 2, 2024

Provide feedback