On Thu, Jul 6, 2017 at 4:42 AM, Marcin Mielniczuk <[email protected]> wrote:
> Oh, and here's the output from strace: https://pastebin.com/spnwDJtN
>
> Notice the "Invalid argument" from seccomp and that the `fork` syscall is
> not visible at all. If I add a filter on `clone` instead, the process is
> properly killed.
>
> Is this a bug I should report on GitHub?

Hello.

What you are seeing is the correct behavior, let me try to explain ...

* The "Invalid argument" you are seeing is coming from the
  sys_chk_seccomp_syscall() function and is designed to detect, at
  runtime, if your kernel supports the seccomp(2) syscall; since your
  kernel is returning -EINVAL we can see that it does, and libseccomp
  correctly calls seccomp(2) (instead of prctl(2)) a moment later. For
  more information you can look at the src/system.c file in the
  libseccomp sources.

  -> https://github.com/seccomp/libseccomp/blob/master/src/system.c

* As far as your program using clone(2) instead of fork(2), modern
  versions of glibc use clone(2) instead of fork, see the fork(2) man
  page for more information (it's in the NOTES section towards the end).

  -> http://man7.org/linux/man-pages/man2/fork.2.html

--
paul moore
www.paul-moore.com
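
The runtime check described in the reply, as an added example (not part of the original message and not libseccomp's own code): it assumes the probe is a seccomp(2) call in strict mode with a deliberately invalid flags value, which the kernel rejects with EINVAL without changing any process state. The names `classify_probe`, `probe_seccomp_syscall` and `probe_name` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/seccomp.h>

enum probe_result { PROBE_SECCOMP_SYSCALL, PROBE_PRCTL_ONLY, PROBE_UNKNOWN };

/* Map the probe's return value and errno to a verdict. */
enum probe_result classify_probe(long rc, int err)
{
    if (rc == -1 && err == EINVAL)
        return PROBE_SECCOMP_SYSCALL; /* kernel knows seccomp(2), rejected the bad flags */
    if (rc == -1 && err == ENOSYS)
        return PROBE_PRCTL_ONLY;      /* no seccomp(2) entry point: fall back to prctl(2) */
    return PROBE_UNKNOWN;             /* e.g. EPERM from an outer sandbox policy */
}

/* Strict mode takes no flags, so flags=1 fails with EINVAL before any
 * filter or mode is installed; the failure itself is the positive signal. */
enum probe_result probe_seccomp_syscall(void)
{
#ifdef __NR_seccomp
    errno = 0;
    long rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_STRICT, 1U, NULL);
    return classify_probe(rc, errno);
#else
    return PROBE_PRCTL_ONLY;          /* headers predate seccomp(2) */
#endif
}

const char *probe_name(enum probe_result r)
{
    switch (r) {
    case PROBE_SECCOMP_SYSCALL: return "seccomp(2) available";
    case PROBE_PRCTL_ONLY:      return "prctl(2) only";
    default:                    return "undetermined";
    }
}

int main(void)
{
    printf("filter interface: %s\n", probe_name(probe_seccomp_syscall()));
    return 0;
}
```

Run under strace, the probe appears as a failed seccomp call returning EINVAL, the same "Invalid argument" the question asks about.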
