[ https://issues.apache.org/jira/browse/MESOS-9456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753778#comment-16753778 ]
Gilbert Song commented on MESOS-9456: ------------------------------------- (y) > Set `SCMP_FLTATR_CTL_LOG` attribute during initialization of Seccomp context > ---------------------------------------------------------------------------- > > Key: MESOS-9456 > URL: https://issues.apache.org/jira/browse/MESOS-9456 > Project: Mesos > Issue Type: Task > Components: containerization > Reporter: Andrei Budnik > Priority: Major > Labels: Mesosphere, newbie > > Since version 4.14 the Linux kernel supports SECCOMP_FILTER_FLAG_LOG flag > which can be used for enabling logging for all Seccomp filter operations > except SECCOMP_RET_ALLOW. If a Seccomp filter does not allow the system call, > then the kernel will print a message into dmesg during invocation of this > system call. > At the moment libseccomp ver. 2.3.3 does not provide this flag, but the > latest master branch of libseccomp supports SECCOMP_FILTER_FLAG_LOG. So, we > need to add > {code:java} > seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1);{code} > into `SeccompFilter::create()` when the newest version of libseccomp will be > released (v2.3.4+). > -- This message was sent by Atlassian JIRA (v7.6.3#76005)