2014-02-04 Lennart Poettering lenn...@poettering.net:
So yeah, I figure we should continue with this logic, and of course
probably document it...
So I sent the new patch, it works the same way.
But I did not use an integer array like you said. I used a set to
store the syscall numbers and a
2014-02-11 23:14 GMT+01:00 Ronny Chevalier chevalier.ro...@gmail.com:
2014-02-04 Lennart Poettering lenn...@poettering.net:
So yeah, I figure we should continue with this logic, and of course
probably document it...
So I sent the new patch, it works the same way.
But I did not use an integer
2014-01-27 Lennart Poettering lenn...@poettering.net:
On Sat, 25.01.14 18:06, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
Doesn't libseccomp provide a way to enumerate the contents of the
defined filter again? I'd really prefer if we could find a way that
specifying a filter of
On Tue, 04.02.14 20:59, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
There is no problem if someone does something like:
SystemCallFilter=write read execve
SystemCallFilter=ioperm
-- or --
SystemCallFilter=~write read execve
SystemCallFilter=~ioperm
But in a case like:
both libseccomp and systemd's use of it need to be ported to arm,
which supports seccomp filter mode.
On Tue, Feb 4, 2014 at 2:40 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Tue, 04.02.14 20:59, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
There is no problem if someone does
On Sat, 25.01.14 18:06, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
Doesn't libseccomp provide a way to enumerate the contents of the
defined filter again? I'd really prefer if we could find a way that
specifying a filter of read write and of write read would actually
result in
2014/1/24 Lennart Poettering lenn...@poettering.net:
On Thu, 23.01.14 01:34, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
---
Hi,
This patch ports the syscall filter to libseccomp. It can be disabled with
--disable-seccomp and is enabled by default if libseccomp is present.
Maybe I
On Thu, 23.01.14 01:34, Ronny Chevalier (chevalier.ro...@gmail.com) wrote:
---
Hi,
This patch ports the syscall filter to libseccomp. It can be disabled with
--disable-seccomp and is enabled by default if libseccomp is present.
Maybe I should add a warning when parsing SyscallFilter in a
---
Hi,
This patch ports the syscall filter to libseccomp. It can be disabled with
--disable-seccomp and is enabled by default if libseccomp is present.
Maybe I should add a warning when parsing SyscallFilter in a .service
if seccomp has been disabled?
Now the SyscallFilter property is a