Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which allows syscall '-1' (nop) to be executed. Without that flag, debuggers cannot skip system calls inside containers. For reference, see the seccomp(2) manpage, which says: The tracer can skip the system call by changing the system call number to -1. and see the seccomp issue #80 Signed-off-by: Serge Hallyn <serge@hallyn.com>
- Loading branch information