* Karel Zak: > I have applied patch based on libseccomp syscall filter: > > https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2 > > it works as expected, but IMHO it's workaround for our stupid kernel... How does this work? Isn't it possible to pass the descriptor to another, unrestricted process (perhaps spawned from cron) and then run the ioctl from there? I'd also be concerned that the seccomp filters keep stacking up if you do it this way. -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
