subject:"\[PATCH\] core\/entry\: Report syscall correctly for trace and audit"

Re: [PATCH] core/entry: Report syscall correctly for trace and audit

2020-09-14 Thread Kyle Huey

On Fri, Sep 11, 2020 at 5:58 PM Kees Cook wrote: > > On v5.8 when doing seccomp syscall rewrites (e.g. getpid into getppid > as seen in the seccomp selftests), trace (and audit) correctly see the > rewritten syscall on entry and exit: > > seccomp_bpf-1307 [000] 22974.874393: sys_ente

[PATCH] core/entry: Report syscall correctly for trace and audit

2020-09-11 Thread Kees Cook

On v5.8 when doing seccomp syscall rewrites (e.g. getpid into getppid as seen in the seccomp selftests), trace (and audit) correctly see the rewritten syscall on entry and exit: seccomp_bpf-1307 [000] 22974.874393: sys_enter: NR 110 (... seccomp_bpf-1307 [000] .N.. 22974.874