[systemd-devel] Seeking advice for configuring SystemCallFilter=

Ronny Chevalier chevalier.ronny at gmail.com
Wed Jul 9 00:26:13 PDT 2014


2014-07-09 2:33 GMT+02:00 David Timothy Strauss <david at davidstrauss.net>:
> Is there a good way to empirically determine the additional calls
> required for an application, sort of like selinux permissive mode?
> We're often running user code on our servers, and we'd like to perform
> analysis and gradually roll out filtering. We'd like to be as
> non-disruptive as possible.

Hi,

Maybe you can use something like a syscall reporter [1] to tell you
which syscall is needed? But it means that you have to run the
application, I'm not sure that's what you want.

[1] http://outflux.net/teach-seccomp/step-3/syscall-reporter.c
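
An added example, not part of the original message and not the syscall reporter linked in [1]: one way to gather the same information empirically is to parse `strace -f` output from a run of the application and render a candidate `SystemCallFilter=` line. The sample trace is constructed and the function names are hypothetical. Like the reporter, it only sees code paths that actually ran.

```python
import re
from collections import Counter

# Constructed sample in the style of `strace -f -o trace.log <cmd>` (not a real run).
SAMPLE_TRACE = """\
1201 execve("/usr/bin/app", ["app"], 0x7ffd0 /* 12 vars */) = 0
1201 openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
1201 read(3,  <unfinished ...>
1202 futex(0x7f1c, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
1201 <... read resumed>"key=value\\n", 4096) = 10
1201 close(3) = 0
1201 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
1202 <... futex resumed>) = 0
1201 exit_group(0) = ?
1201 +++ exited with 0 +++
"""

# Optional pid prefix, then either "name(" or "<... name resumed>".
CALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:<\.\.\. (\w+) resumed>|(\w+)\()"
)

def observed_syscalls(trace_text):
    """Count each syscall entered; signal and exit lines do not match."""
    counts = Counter()
    for line in trace_text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        resumed, entered = m.groups()
        if entered:
            counts[entered] += 1
        else:
            # Resumed half of a call; record the name in case the trace
            # began mid-call, but do not count the call twice.
            counts.setdefault(resumed, 0)
    return counts

def system_call_filter(counts):
    """Render an allow-list directive, sorted so successive runs diff cleanly."""
    return "SystemCallFilter=" + " ".join(sorted(counts))

def new_since(allowed, counts):
    """Syscalls seen in this run that the current allow-list would block."""
    return sorted(set(counts) - set(allowed))

if __name__ == "__main__":
    seen = observed_syscalls(SAMPLE_TRACE)
    print(system_call_filter(seen))
    print("not yet allowed:", new_since({"read", "close"}, seen))
```

Merging the counts from several runs under realistic load before tightening the filter reduces the chance of blocking a rarely used code path.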

