[systemd-devel] [PATCH 2/2] syscallfilter: port to libseccomp

Ronny Chevalier chevalier.ronny at gmail.com
Tue Feb 11 23:14:46 CET 2014

2014-02-04 Lennart Poettering <lennart at poettering.net>:
> So yeah, I figure we should continue with this logic, and of course
> probably document it...
So I sent the new patch, it works the same way.

But I did not use an integer array like you said. I used a set to
store the syscalls number and a strv for the syscalls name. Then I
sort the strv to create the string which will be exposed.
I think it gives less code and more readable code than managing an
array, and the overhead of sorting a strv instead of an integer array
is quite small.

I also added a paragraph in the documentation since it did not
mentioned how the multiple occurrences of SystemCallFilter are merged.

I will send a new version for the patch containing the tests too.

> Lennart
> --
> Lennart Poettering, Red Hat

More information about the systemd-devel mailing list