You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Gilbert Song (JIRA)" <ji...@apache.org> on 2019/01/28 08:05:00 UTC
[jira] [Commented] (MESOS-9456) Set `SCMP_FLTATR_CTL_LOG` attribute
during initialization of Seccomp context
[ https://issues.apache.org/jira/browse/MESOS-9456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753778#comment-16753778 ]
Gilbert Song commented on MESOS-9456:
-------------------------------------
(y)
> Set `SCMP_FLTATR_CTL_LOG` attribute during initialization of Seccomp context
> ----------------------------------------------------------------------------
>
> Key: MESOS-9456
> URL: https://issues.apache.org/jira/browse/MESOS-9456
> Project: Mesos
> Issue Type: Task
> Components: containerization
> Reporter: Andrei Budnik
> Priority: Major
> Labels: Mesosphere, newbie
>
> Since version 4.14 the Linux kernel supports SECCOMP_FILTER_FLAG_LOG flag which can be used for enabling logging for all Seccomp filter operations except SECCOMP_RET_ALLOW. If a Seccomp filter does not allow the system call, then the kernel will print a message into dmesg during invocation of this system call.
> At the moment libseccomp ver. 2.3.3 does not provide this flag, but the latest master branch of libseccomp supports SECCOMP_FILTER_FLAG_LOG. So, we need to add
> {code:java}
> seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1);{code}
> into `SeccompFilter::create()` when the newest version of libseccomp will be released (v2.3.4+).
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)