On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks <tyhicks(a)canonical.com> wrote:
> This patch creates a read-only sysctl containing an ordered list of
> seccomp actions that the kernel supports. The ordering, from left to
> right, is the lowest action value (kill) to the highest action value
> (allow). Currently, a read of the sysctl file would return "kill trap
> errno trace allow". The contents of this sysctl file can be useful for
> userspace code as well as the system administrator.
Would this make more sense as a new seccomp(2) mode a la
SECCOMP_HAS_ACTION? Then sandboxy things that have no fs access could
use it.
--Andy
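As an added example (not code from the patch or from the thread), here is how userspace could consume the proposed read-only sysctl to decide whether a seccomp return action is supported before installing a filter that relies on it. The sysctl path and the helper names are assumptions; the thread does not name the file.

```c
/* Added example: probe the proposed "actions available" seccomp sysctl.
 * The path is an assumption, not taken from the patch. */
#include <stdio.h>
#include <string.h>

#define SECCOMP_ACTIONS_AVAIL_PATH "/proc/sys/kernel/seccomp/actions_avail" /* assumed */

/* Return the 0-based position of `name` in a space-separated list such as
 * "kill trap errno trace allow" (trailing newline tolerated), or -1 if absent.
 * The kernel orders the list from lowest to highest action value, so a lower
 * rank means a lower-valued action, which wins when several filters disagree. */
int seccomp_action_rank(const char *list, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = list;
    int idx = 0;
    if (nlen == 0) return -1;
    while (*p) {
        while (*p == ' ' || *p == '\n') p++;      /* skip separators */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != ' ' && *p != '\n') p++; /* one whole token */
        if ((size_t)(p - start) == nlen && memcmp(start, name, nlen) == 0)
            return idx;
        idx++;
    }
    return -1;
}

/* 1 if `name` is a whole token in `list`, else 0 (prefixes such as "tra" do not match). */
int seccomp_action_listed(const char *list, const char *name)
{
    return seccomp_action_rank(list, name) >= 0;
}

/* Read the sysctl into buf; -1 if the kernel lacks the file or it is unreadable,
 * so callers can fall back to the baseline action set every seccomp kernel has. */
int seccomp_read_actions_avail(char *buf, size_t bufsz)
{
    FILE *f = fopen(SECCOMP_ACTIONS_AVAIL_PATH, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)bufsz, f)) { fclose(f); return -1; }
    fclose(f);
    return 0;
}

int main(void)
{
    char buf[256];
    const char *list = buf;
    if (seccomp_read_actions_avail(buf, sizeof buf) != 0)
        list = "kill trap errno trace allow"; /* constructed fallback: the baseline set */
    printf("trap listed: %d, rank of errno: %d\n",
           seccomp_action_listed(list, "trap"), seccomp_action_rank(list, "errno"));
    return 0;
}
```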