[
https://issues.apache.org/jira/browse/MESOS-9456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753778#comment-16753778
]
Gilbert Song commented on MESOS-9456:
-------------------------------------
(y)
> Set `SCMP_FLTATR_CTL_LOG` attribute during initialization of Seccomp context
> ----------------------------------------------------------------------------
>
> Key: MESOS-9456
> URL: https://issues.apache.org/jira/browse/MESOS-9456
> Project: Mesos
> Issue Type: Task
> Components: containerization
> Reporter: Andrei Budnik
> Priority: Major
> Labels: Mesosphere, newbie
>
> Since version 4.14 the Linux kernel supports SECCOMP_FILTER_FLAG_LOG flag
> which can be used for enabling logging for all Seccomp filter operations
> except SECCOMP_RET_ALLOW. If a Seccomp filter does not allow the system call,
> then the kernel will print a message into dmesg during invocation of this
> system call.
> At the moment libseccomp ver. 2.3.3 does not provide this flag, but the
> latest master branch of libseccomp supports SECCOMP_FILTER_FLAG_LOG. So, we
> need to add
> {code:java}
> seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1);{code}
> into `SeccompFilter::create()` when the newest version of libseccomp will be
> released (v2.3.4+).
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
