author | Topi Miettinen <toiwoton@gmail.com> | 2020-08-30 20:56:13 +0200 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2020-09-15 11:54:17 +0200 |
commit | 9df2cdd8ec1cc223d74fd06eeb89d822f72f61c3 (patch) | |
tree | 8a3f3a39b5311905c97221bb99d04dc428f023de /src/shared/seccomp-util.c | |
parent | exec: Add kill action to system call filters (diff) | |
exec: SystemCallLog= directive
With new directive SystemCallLog= it's possible to list system calls to be
logged. This can be used for auditing or temporarily when constructing system
call filters.
---
v5: drop intermediary, update HASHMAP_FOREACH_KEY() use
v4: skip useless debug messages, actually parse directive
v3: don't declare unused variables with old libseccomp
v2: fix build without seccomp or old libseccomp
Diffstat (limited to 'src/shared/seccomp-util.c')
-rw-r--r-- | src/shared/seccomp-util.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 0b7cdbaadf..358960d5c4 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1073,6 +1073,10 @@ int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, u if (error == SECCOMP_ERROR_NUMBER_KILL) a = scmp_act_kill_process(); +#ifdef SCMP_ACT_LOG + else if (action == SCMP_ACT_LOG) + a = SCMP_ACT_LOG; +#endif else if (action != SCMP_ACT_ALLOW && error >= 0) a = SCMP_ACT_ERRNO(error); |
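Review bot: In seccomp_load_syscall_filter_set_raw(), the new `else if (action == SCMP_ACT_LOG)` branch disappears entirely when SCMP_ACT_LOG is not defined, and the chain then continues at `else if (action != SCMP_ACT_ALLOW && error >= 0)`, which assigns SCMP_ACT_ERRNO(error). Nothing in this hunk shows what prevents a set intended for logging from reaching that errno branch on an older libseccomp, so please confirm the caller refuses or skips the set in that build, or add a short comment here stating that it does. The branch is also tested after `error == SECCOMP_ERROR_NUMBER_KILL`, so an entry carrying the kill value gets scmp_act_kill_process() even when the set's action is SCMP_ACT_LOG; if that precedence is intended, a one-line comment above the `#ifdef` would make it clear to the next reader, since a preprocessor conditional in the middle of an if/else chain is easy to misread.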