Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SCMP_ACT_TRACE as a valid Seccomp action #347

Closed
wants to merge 1 commit into from
Closed

Add SCMP_ACT_TRACE as a valid Seccomp action #347

wants to merge 1 commit into from

Conversation

mheon
Copy link
Contributor

@mheon mheon commented Oct 20, 2015

This enables tracing of blocked system calls in a container. This could be useful for debugging, and is the only Seccomp action runc doesn't support at present.

@mheon
Add SCMP_ACT_TRACE as a valid Seccomp action
8ba6cd4 
This enables tracing of blocked system calls in a container for debugging
purposes.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
@mheon
Copy link
Contributor Author

mheon commented Oct 20, 2015

This defaults to using EPERM as its signal, to match ACT_ERRNO. Looking into making that configurable in the runc spec, hopefully will have a PR out for that by end of today.

keloyang
keloyang reviewed Oct 23, 2015
View reviewed changes
libcontainer/configs/config.go
@@ -33,9 +33,10 @@ type Seccomp struct {
type Action int

const (
Kill Action = iota - 4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not do it like this ?


const (
    Kill Action = iota
    Errno
    Trap
    Allow
    Trace
)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This way, uninitialized Action variables will not be a valid constant, and will cause an error

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just like the define of "EqualTo Operator", I do think it has problem,Maybe the error caused by other. It doesn't matter all the same,just a surgestion. thanks for your reply.

crosbymichael added a commit to crosbymichael/runc that referenced this pull request Nov 13, 2015
@crosbymichael
Add seccomp trace support
caca840 
Closes opencontainers#347

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
@crosbymichael crosbymichael mentioned this pull request Nov 13, 2015
Merged
@LK4D4 LK4D4 closed this in #398 Nov 13, 2015
stefanberger pushed a commit to stefanberger/runc that referenced this pull request Sep 8, 2017
@vbatts
Merge pull request opencontainers#347 from vbatts/user-name
7aa7dcd 
config: clarify the uname mapping
@thaJeztah thaJeztah mentioned this pull request Dec 8, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status/0-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mheon @crosbymichael @keloyang @GordonTheTurtle