sys_writev() isn't permitted if SECCOMP_SET_MODE_STRICT is enabled. In @__criu__, we have a test which fails with @musllibc and works with glibc. https://twitter.com/vagin_andrey/status/1001985524855394305 …
I disagree that it's not a good idea. Assuming stdio won't do anything incompatible with strict (nonfilter) seccomp is unreasonable. I would go so far as to say assuming anything works with strict is unreasonable.
For example setprocmask is needed internally for lots of things, and some awful archs even need syscalls for get_thread_area or cmpxchg.
wait, SECCOMP_SET_MODE_STRICT disallows sys_sigprocmask()? what the actual hell?
Yes. It's so broad as to be utterly useless.
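
The behaviour discussed in this thread, as an added example that is not part of the original conversation: a Linux-only probe that forks a child, enters strict seccomp, issues one syscall and reports whether the child survived. It assumes `prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT)` as the way to enter strict mode; `probe_strict` and the result names are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_ALLOWED, PROBE_KILLED, PROBE_UNAVAILABLE, PROBE_ERROR };

/* Hypothetical helper: run one syscall under strict seccomp in a child. */
static enum probe_result probe_strict(long nr)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        char msg[] = "";
        struct iovec iov = { .iov_base = msg, .iov_len = 0 };
        /* Fails (e.g. EINVAL) when a seccomp filter is already installed. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            syscall(SYS_exit, 2);
        if (nr == SYS_write)
            syscall(SYS_write, 1, msg, 0);          /* on the allow list */
        else if (nr == SYS_writev)
            syscall(SYS_writev, 1, &iov, 1);        /* not on the allow list */
        else if (nr == SYS_rt_sigprocmask)          /* 8 = kernel sigset size */
            syscall(SYS_rt_sigprocmask, SIG_BLOCK, NULL, NULL, 8);
        /* Raw exit: libc's _exit() uses exit_group, which strict mode kills. */
        syscall(SYS_exit, 0);
    }
    if (waitpid(pid, &status, 0) != pid) return PROBE_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return PROBE_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return PROBE_ALLOWED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return PROBE_UNAVAILABLE;
    return PROBE_ERROR;
}

int main(void)
{
    static const char *names[] = { "allowed", "killed (SIGKILL)",
                                   "strict mode unavailable", "error" };
    printf("write:          %s\n", names[probe_strict(SYS_write)]);
    printf("writev:         %s\n", names[probe_strict(SYS_writev)]);
    printf("rt_sigprocmask: %s\n", names[probe_strict(SYS_rt_sigprocmask)]);
    return 0;
}
```

Inside a container that already applies a seccomp filter, the probe reports that strict mode is unavailable instead of a kill.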