On Wed, Nov 17, 2021 at 05:20:33PM -0800, Kyle Huey wrote: > Yeah that's one way to solve the problem. I think you're right that > fundamentally the problem here is that what SECCOMP_RET_KILL wants is > not really a signal. To the extent that it wants a signal, what it > really wants is SIGKILL, and the problem here is the code trying to > act like SIGKILL but call it SIGSYS. I assume the ship for fixing that > sailed years ago though. Yeah, this was IIRC, a specific design choice (to distinguish a seccomp KILL from a SIGKILL), as desired by the sandboxing folks, and instead of using two different signals (one for KILL and one for TRAP), both used SIGSYS, with the KILL variant being uncatchable. -- Kees Cook
