On Mon, Sep 25 2017, Michal Sojka wrote:
> An older kernel version shipped by LEDE/OpenWrt contained the patch
> target/linux/generic/patches-3.18/999-seccomp_log.patch that logged
> seccomp violations. For some reason, newer kernels do not have this
> patch. Without this kind of logging, it is very hard to set up a seccomp
> whitelist properly, so this commit modifies utrace to serve as a
> logger for seccomp violations.
>
> With this patch, when utrace is executed via the seccomp-trace symlink, it
> does not trace normal syscalls but only seccomp violations and logs
> them to syslog.

I've just discovered
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp/seccomp_bpf.c?h=v4.13#n1227.
If this patch is going to be accepted, it would be better to rewrite its
code to get and modify syscall number according to the link above,
because it supports more architectures than my patch.

-Michal

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
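
The logging mode discussed in this thread, as an added example that is not utrace's code or code from the patch: a tracee installs a filter whose non-whitelisted syscalls return SECCOMP_RET_TRACE, and a ptrace tracer logs each one to syslog and lets it continue. Instead of the per-architecture register access used in the linked selftest, this sketch carries the syscall number in the filter's SECCOMP_RET_DATA bits and reads it with PTRACE_GETEVENTMSG, so it only reads the number and does not modify it. The function name `traced_violation` and the one-entry whitelist are assumptions made for illustration.

```c
/* Added example, not utrace code. Constructed whitelist: exit_group only. */
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <syslog.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
/* Run probe_nr in a filtered child; return the last logged syscall nr or -1. */
long traced_violation(long probe_nr)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_ALU | BPF_AND | BPF_K, SECCOMP_RET_DATA), /* low 16 bits of nr */
        BPF_STMT(BPF_ALU | BPF_OR | BPF_K, SECCOMP_RET_TRACE), /* become RET_TRACE data */
        BPF_STMT(BPF_RET | BPF_A, 0),
    };
    struct sock_fprog fprog = { sizeof(prog) / sizeof(prog[0]), prog };
    int status;
    long nr = -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* tracee */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                  /* let the tracer set its options */
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
        syscall(probe_nr, 0);            /* not whitelisted unless exit_group */
        _exit(0);
    }
    waitpid(pid, &status, 0);            /* initial SIGSTOP */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESECCOMP | PTRACE_O_EXITKILL));
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    while (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        unsigned long msg = 0;           /* filled with the RET_DATA bits */
        int event = (status >> 8) == (SIGTRAP | (PTRACE_EVENT_SECCOMP << 8));
        if (event && ptrace(PTRACE_GETEVENTMSG, pid, NULL, &msg) == 0) {
            syslog(LOG_WARNING, "seccomp violation: pid %d syscall %lu", (int)pid, msg);
            nr = (long)msg;
        }
        ptrace(PTRACE_CONT, pid, NULL, (void *)(long)(event ? 0 : WSTOPSIG(status)));
    }
    return nr;
}
```

Because SECCOMP_RET_DATA is 16 bits wide, this only reports syscall numbers below 65536, and a real filter would also check the `arch` field of `struct seccomp_data` before trusting `nr`.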
