MozillaWiki

Security/Sandbox/Seccomp: Difference between revisions

Page Discussion

Security/Sandbox/Seccomp (view source)

Revision as of 18:18, 6 February 2014

158 bytes added ,  6 February 2014
→‎Seccomp reporter
No edit summary
Line 76: Line 76:
When seccomp denies a system call, it sends a signal (SIGSYS) which is caught by the reporter. The reporter then kills itself (and thus the content-process).
When seccomp denies a system call, it sends a signal (SIGSYS) which is caught by the reporter. The reporter then kills itself (and thus the content-process).
The report kill itself because the content process may not handle the denied system call properly and be in a non-working state anyway.
The report kill itself because the content process may not handle the denied system call properly and be in a non-working state anyway.
When the reporter is enabled, the log message looks like this:
  seccomp sandbox violation: pid %u, syscall %lu, args %lu %lu %lu %lu %lu. Killing Process.


=== How do I check my processes are sandboxed by seccomp? ===
=== How do I check my processes are sandboxed by seccomp? ===
Gdestuynder
Confirmed users
502

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/918895"