Andrei Budnik created MESOS-9456:
------------------------------------
Summary: Set `SCMP_FLTATR_CTL_LOG` attribute during initialization
of Seccomp context
Key: MESOS-9456
URL: https://issues.apache.org/jira/browse/MESOS-9456
Project: Mesos
Issue Type: Task
Components: containerization
Reporter: Andrei Budnik
Since version 4.14 the Linux kernel supports SECCOMP_FILTER_FLAG_LOG flag which
can be used for enabling logging for all Seccomp filter operations except
SECCOMP_RET_ALLOW. If a Seccomp filter does not allow the system call, then the
kernel will print a message into dmesg during invocation of this system call.
At the moment libseccomp ver. 2.3.3 does not provide this flag, but the latest
master branch of libseccomp supports SECCOMP_FILTER_FLAG_LOG. So, we need to add
{code:java}
seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1);{code}
into `SeccompFilter::create()` when the newest version of libseccomp will be
released.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
