2014-07-09 2:33 GMT+02:00 David Timothy Strauss <[email protected]>: > Is there a good way to empirically determine the additional calls > required for an application, sort of like selinux permissive mode? > We're often running user code on our servers, and we'd like to perform > analysis and gradually roll out filtering. We'd like to be as > non-disruptive as possible.
Hi, Maybe you can use something like a syscall reporter [1] to tell you which syscall is needed ? But it means that you have to run the application, i'm not sure that's what you want. [1] http://outflux.net/teach-seccomp/step-3/syscall-reporter.c _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
