[systemd-devel] Seeking advice for configuring SystemCallFilter=
Lennart Poettering
lennart at poettering.net
Thu Aug 14 17:49:07 PDT 2014
On Tue, 08.07.14 17:33, David Timothy Strauss (david at davidstrauss.net) wrote:
> Is there a good way to empirically determine the additional calls
> required for an application, sort of like selinux permissive mode?
> We're often running user code on our servers, and we'd like to perform
> analysis and gradually roll out filtering. We'd like to be as
> non-disruptive as possible.
"strace" should do the job. It should give you a pretty good idea of all
syscalls a process uses. That's what I used when testing SyscallFilters=.
Lennart
--
Lennart Poettering, Red Hat
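
One way to turn the strace output mentioned above into a candidate SystemCallFilter= list, as an added example that is not part of the original message. The function names and the sample trace are constructed for illustration, and the input is assumed to be `strace -f` output without timestamp options.

```python
import re
from collections import Counter

# Constructed sample of `strace -f` output (not taken from a real run).
SAMPLE_TRACE = """\
execve("/usr/bin/app", ["app"], 0x7ffc0000 /* 12 vars */) = 0
brk(NULL)                               = 0x55d000
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
read(3, "\\177ELF"..., 832) = 832
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_SETTID|SIGCHLD) = 4242
[pid  4242] read(0,  <unfinished ...>
[pid  4241] write(1, "hello\\n", 6)      = 6
[pid  4242] <... read resumed>"", 4096) = 0
[pid  4242] exit_group(0)               = ?
[pid  4242] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4242} ---
wait4(-1, NULL, 0, NULL)                = 4242
exit_group(0)                           = ?
+++ exited with 0 +++
"""

# Optional "[pid N] " or "N " prefix, then the syscall name and its "(".
# "<... name resumed>" lines, signal lines ("---") and exit lines ("+++")
# do not match, so a call split across two lines is counted once.
_CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")


def syscalls_from_strace(lines):
    """Count how often each syscall name is entered in strace output."""
    counts = Counter()
    for line in lines:
        match = _CALL.match(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def filter_directive(counts):
    """Render the observed syscalls as a unit-file allow list, sorted by name."""
    return "SystemCallFilter=" + " ".join(sorted(counts))


if __name__ == "__main__":
    observed = syscalls_from_strace(SAMPLE_TRACE.splitlines())
    for name, n in observed.most_common():
        print(f"{n:4d}  {name}")
    print(filter_directive(observed))
```

A trace only records the code paths that were exercised during the run, so the resulting list is a starting point to review and extend, not a complete allow list.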