You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are two optional ways to handle this filter config:
Parse the file during compilation, thus hard-coding the processing logic for each system call.
Parse the file during runtime, allow end-users to change the logic without compilation.
Going with 2 seems promising, but it comes with performance penalty. It also makes it much more difficult for the dynamic handling of string syscall args, like pathname of openat.
What are your opinions?
The text was updated successfully, but these errors were encountered:
In commit ecc839d, we introduced a seccomp filter config. However, how to use this file remains undecided.
There are two optional ways to handle this filter config:
Going with 2 seems promising, but it comes with performance penalty. It also makes it much more difficult for the dynamic handling of string syscall args, like
pathnameofopenat.What are your opinions?
The text was updated successfully, but these errors were encountered: