On Fri, Aug 11, 2017 at 12:33 PM, Tyler Hicks <tyhicks(a)canonical.com> wrote:
> On 08/11/2017 02:17 PM, Kees Cook wrote:
>> One thought here: should "kill" be always forced on during a write?
>> This flag effectively cannot be disabled, so listing it (or not) in
>> the sysctl may be confusing...
>
> "kill" can be silenced in the current implementation. Let's hammer out
> whether or not that's the right thing to do and then we can discuss the
> sysctl behavior on write. I don't personally have any concerns about an
> admin being able to silence RET_KILL logs but let me know if you are
> against it.

Oh right, this is fine. Yeah, as long as the default is to log it
(which it is) I'm fine. Thanks!
-Kees
--
Kees Cook
Pixel Security