[systemd-devel] [PATCH 2/2] syscallfilter: port to libseccomp

Ronny Chevalier chevalier.ronny at gmail.com
Wed Feb 12 00:41:21 CET 2014


2014-02-11 23:14 GMT+01:00 Ronny Chevalier <chevalier.ronny at gmail.com>:
> 2014-02-04 Lennart Poettering <lennart at poettering.net>:
>> So yeah, I figure we should continue with this logic, and of course
>> probably document it...
> So I sent the new patch, it works the same way.
>
> But I did not use an integer array like you said. I used a set to
> store the syscalls number and a strv for the syscalls name. Then I
> sort the strv to create the string which will be exposed.
> I think it gives less code and more readable code than managing an
> array, and the overhead of sorting a strv instead of an integer array
> is quite small.
>
> I also added a paragraph in the documentation since it did not
> mentioned how the multiple occurrences of SystemCallFilter are merged.
>
> I will send a new version for the patch containing the tests too.
>
Well, I thought that I have tested enough use cases but I forgot an
obvious one. So something is not working, but I did not find why yet.
Sorry for the disturbance

>>
>> Lennart
>>
>> --
>> Lennart Poettering, Red Hat


More information about the systemd-devel mailing list