[LEDE-DEV] [PATCH procd v2 10/17] seccomp: Log seccomp violations with utrace

Michal Sojka sojkam1 at fel.cvut.cz
Mon Oct 2 13:49:42 PDT 2017


On Mon, Sep 25 2017, Michal Sojka wrote:
> Older kernel versions shipped by LEDE/OpenWrt contained the patch
> target/linux/generic/patches-3.18/999-seccomp_log.patch that logged
> seccomp violations. For some reason, newer kernels do not have this
> patch. Without this kind of logging, it is very hard to set up a seccomp
> whitelist properly, so this commit modifies utrace to serve as a
> logger for seccomp violations.
>
> With this patch, when utrace is executed via the seccomp-trace symlink, it
> does not trace normal syscalls but only seccomp violations and logs
> them to syslog.

I've just discovered
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp/seccomp_bpf.c?h=v4.13#n1227.
If this patch is going to be accepted, it would be better to rewrite its
code to get and modify the syscall number according to the link above,
because it supports more architectures than my patch.

-Michal


