by
jagger11
2967 days ago
> Also, if you don't trust it, just set everything to SECCOMP_RET_TRACE, which kills the process if there is no ptracer
A small correction: it causes the syscall not to be executed, and to return with errno==ENOSYS.
geofft
2967 days ago
Oh, thanks. (It's still safe, because the inability to execute system calls basically translates into an inability to do anything the process was not previously authorized to do via... mmapped memory, and I think that's it.)
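The behaviour discussed in this thread can be checked directly on a Linux host. The following is an added example, not code from either commenter: the function name `errno_under_ret_trace` and the choice of `getppid` as the filtered syscall are assumptions made for illustration, and the filter is applied in a forked child so the calling process stays unrestricted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Forks a child that marks getppid() as SECCOMP_RET_TRACE with no tracer
 * attached, calls it, and reports the errno it saw via its exit status.
 * Returns that errno, 0 if the syscall ran, or -1 on setup failure.
 * Demo filter only: a production filter also checks seccomp_data.arch. */
int errno_under_ret_trace(void)
{
    struct sock_filter insns[] = {
        /* Load the syscall number from struct seccomp_data. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* getppid -> TRACE (next insn); anything else -> ALLOW (skip one). */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof(insns) / sizeof(insns[0]),
        .filter = insns,
    };

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Required to install a filter without CAP_SYS_ADMIN. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(255);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) _exit(255);
        errno = 0;
        long r = syscall(SYS_getppid);   /* no ptracer is attached here */
        _exit(r == -1 ? errno : 0);      /* still alive: report errno */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int e = errno_under_ret_trace();
    printf("errno seen by child: %d (ENOSYS is %d)\n", e, ENOSYS);
    return e == ENOSYS ? 0 : 1;
}
```

The child exits normally rather than being killed by a signal, which is why `WIFEXITED` is checked before the status is read.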