Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2016-01-25 Thread Lennart Poettering
On Fri, 22.01.16 21:17, David Timothy Strauss (da...@davidstrauss.net) wrote:
> Rebooting an old thread now that we're finally testing this out.
>
> > "strace" should do the job. It should give you a pretty good idea of all
> syscalls a process uses. That's what I used when testing SyscallFilters

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2016-01-22 Thread Mantas Mikulėnas
On Fri, Jan 22, 2016 at 11:47 PM, David Timothy Strauss <da...@davidstrauss.net> wrote:
> On Fri, Jan 22, 2016 at 1:36 PM Mantas Mikulėnas
> wrote:
>
>> There's a third way:
>>
>> ExecStart=/usr/bin/strace -D -ff -o /tmp/myservice.trace
>> /usr/bin/myservlce --foo
>>
>
> Do you know if that woul

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2016-01-22 Thread David Timothy Strauss
On Fri, Jan 22, 2016 at 1:36 PM Mantas Mikulėnas wrote:
> There's a third way:
>
> ExecStart=/usr/bin/strace -D -ff -o /tmp/myservice.trace
> /usr/bin/myservlce --foo
>

Do you know if that would pass through file descriptors for socket activation?

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2016-01-22 Thread Mantas Mikulėnas
On Fri, Jan 22, 2016 at 11:17 PM, David Timothy Strauss <da...@davidstrauss.net> wrote:
> Rebooting an old thread now that we're finally testing this out.
>
> > "strace" should do the job. It should give you a pretty good idea of all
> syscalls a process uses. That's what I used when testing Sysc

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2016-01-22 Thread David Timothy Strauss
Rebooting an old thread now that we're finally testing this out.

> "strace" should do the job. It should give you a pretty good idea of all syscalls a process uses. That's what I used when testing SyscallFilters=.

This turns out to be less useful than it seems. There are two major ways to invoke

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2014-08-14 Thread Lennart Poettering
On Tue, 08.07.14 17:33, David Timothy Strauss (da...@davidstrauss.net) wrote:
> Is there a good way to empirically determine the additional calls
> required for an application, sort of like selinux permissive mode?
> We're often running user code on our servers, and we'd like to perform
> analysis

Re: [systemd-devel] Seeking advice for configuring SystemCallFilter=

2014-07-09 Thread Ronny Chevalier
2014-07-09 2:33 GMT+02:00 David Timothy Strauss:
> Is there a good way to empirically determine the additional calls
> required for an application, sort of like selinux permissive mode?
> We're often running user code on our servers, and we'd like to perform
> analysis and gradually roll out filte

[systemd-devel] Seeking advice for configuring SystemCallFilter=

2014-07-08 Thread David Timothy Strauss
Is there a good way to empirically determine the additional calls required for an application, sort of like selinux permissive mode? We're often running user code on our servers, and we'd like to perform analysis and gradually roll out filtering. We'd like to be as non-disruptive as possible.