[systemd-devel] Seccomp allow/log action
Lennart Poettering
mzerqung at 0pointer.de
Tue Jul 14 07:55:13 UTC 2020
On Mo, 13.07.20 10:02, Chris PeBenito (chpebeni at linux.microsoft.com) wrote:
> > I think it would be more flexible to extend the error code return per
> > system call, like
> > SystemCallFilter=gettimeofday:LOG
>
> Yes, that provides much more granularity but is it necessary to support that
> level of granularity in systemd? Fine-grained system call logging is
> available in the audit subsystem and is much more flexible.
Well, if libseccomp supports this already and it fits neatly into our
syntax/model I think we can support what Topi suggested. And I think the
syntax Topi suggests makes a lot of sense and is a nice extension to
what we already have in place.
I mean, I personally don't like audit very much, I'd always prefer
using something else over audit...
Lennart
--
Lennart Poettering, Berlin