On Mo, 13.07.20 10:02, Chris PeBenito (chpebeni@xxxxxxxxxxxxxxxxxxx) wrote: > > I think it would be more flexible to extend the error code return per > > system call, like > > SystemCallFilter=gettimeofday:LOG > > Yes, that provides much more granularity but is it necessary to support that > level of granularity in systemd? Fine-grained system call logging is > available in the audit subsystem and is much more flexible. Well, if libseccomp supports this already and it feats neatly into our syntax/model I think we can suport for Topi suggested. And I think the syntax Topi suggests makes a lot of sense and is a nice extension to what we already have in place. I mean, I personally don't like audit very much, I'd always prefer using something else over audit... Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Seccomp allow/log action
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Seccomp allow/log action
- From: Lennart Poettering <mzerqung@xxxxxxxxxxx>
- Date: Tue, 14 Jul 2020 09:55:13 +0200
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <e53ef7af-3b16-62cd-d687-209fd8616cd9@linux.microsoft.com>
- References: <f9c2cb77-14e7-06bb-91d3-7fd2f6fab46b@linux.microsoft.com> <1c5ca3ff-9976-4955-501b-36ec9d85b241@gmail.com> <e53ef7af-3b16-62cd-d687-209fd8616cd9@linux.microsoft.com>
- References:
- Seccomp allow/log action
- From: Chris PeBenito
- Re: Seccomp allow/log action
- From: Topi Miettinen
- Re: Seccomp allow/log action
- From: Chris PeBenito
- Seccomp allow/log action
- Prev by Date: Re: advice on how to address selinux-autorelabel issue with userdbd
- Next by Date: Re: GNOME boot-complete.target integration ?
- Previous by thread: Re: Seccomp allow/log action
- Next by thread: systemd prerelease 246-rc1
- Index(es):
 |