Questions tagged [seccomp]
6 questions
2 votes, 1 answer
How to debug systemd seccomp SystemCallFilter unit-name.service: Main process exited, code=killed, status=31/SYS?
systemd unit file:
[Service]
SystemCallFilter=[...]
Error message:
unit-name.service: Main process exited, code=killed, status=31/SYS
How to find out which system call is missing in the whitelist?
adrelanos
0 votes, 0 answers
How to make a restrictive syscall *whitelist* with systemd-nspawn?
I'm trying to lock down a container using systemd-nspawn, so that only the specific syscalls I whitelist are allowed. Per the documentation, there's a pretty lax filter in place by default, consisting of a large whitelist of hundreds of different…
SwarmOfBees
0 votes, 1 answer
seccomp vs bcc for syscall interception
How can I use seccomp and the prctl syscall vs bcc to intercept syscalls?
Is there another way to achieve this goal with bcc?
I know that it is possible with pure eBPF code in C, but it is too difficult to understand and use, and I want to use bcc…
Mostafa Sarmad
0 votes, 1 answer
Invalid system call error when executing file command
I noticed a strange thing. When I run the file command as a regular user, I always get an invalid system call error.
For example in zsh:
$ file ~/.zshrc
[1] 18553 invalid system call file ~/.zshrc
Or in bash / dash / sh:
$ file ~/.bashrc
Bad…
BlueManCZ
0 votes, 1 answer
How to install linux/seccomp.h in centos6
It seems that the kernel-headers rpm does not include seccomp.h. I am wondering where to find the seccomp.h header file on centos6?
Howard Yu
0 votes, 0 answers
How can a malicious seccomp filter cause an attempt to use `setuid(2)` to return 0, without actually making the system call?
I was reading the documentation on seccomp(2) on my Debian system, and stumbled upon the following sentence from the paragraph below:
Such a malicious filter might, for example, cause an attempt
to use setuid(2) to set the caller's…
Shuzheng