On Fri, Sep 11, 2020 at 5:58 PM Kees Cook wrote:
>
> On v5.8 when doing seccomp syscall rewrites (e.g. getpid into getppid
> as seen in the seccomp selftests), trace (and audit) correctly see the
> rewritten syscall on entry and exit:
>
> seccomp_bpf-1307 [000] 22974.874393: sys_ente
On v5.8 when doing seccomp syscall rewrites (e.g. getpid into getppid
as seen in the seccomp selftests), trace (and audit) correctly see the
rewritten syscall on entry and exit:
seccomp_bpf-1307 [000] 22974.874393: sys_enter: NR 110 (...
seccomp_bpf-1307 [000] .N.. 22974.874
2 matches
Mail list logo