On Linux (only), enable a seccomp profile for preventing syscalls before entering the main processing loop. Currently the following syscalls are used by swtpm:
exit (at shutdown)
open (in loop, at shutdown)
close (in loop, at shutdown)
read (in loop)
write (in loop)
pipe (at setup)
poll (in loop)
accept (in loop)
fstat (at setup)
ioctl (at setup)
signal (at setup)
setuid (at setup)
setgid (at setup)
Those syscalls marked with 'in loop' or 'at shutdown' need to be allowed.
The seccomp profile would be enabled by default: --with-seccomp would be the implicit default to build the project with, and --without-seccomp would disable it.
Additional command line parameters could be:
--seccomp action=none ; turn off seccomp profile
--seccomp action=kill ; default behavior
--seccomp action=log ; log the syscall
swtpm could be started by a process that itself runs a seccomp profile, which swtpm inherits, and for that reason swtpm may not be able to set its own seccomp profile. To handle this case, seccomp action=none should be used.
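A sketch of the allowlist proposed above as a raw seccomp-BPF filter. This is an added example, not swtpm's code: the function names, the x86_64/aarch64 architecture check, and the mapping of `kill`/`log` to `SECCOMP_RET_KILL_PROCESS`/`SECCOMP_RET_LOG` are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif

/* Syscalls the issue marks 'in loop' or 'at shutdown'. */
static const int allowed[] = {
    SYS_exit, SYS_close, SYS_read, SYS_write, SYS_accept,
#if defined(SYS_open) && defined(SYS_poll) /* legacy calls, absent on aarch64 */
    SYS_open, SYS_poll,
#endif
};
#define N_ALLOWED (sizeof(allowed) / sizeof(allowed[0]))
#define MAX_INSNS (4 + 2 * N_ALLOWED + 1)

/* Map an action= value: 0 and *ret set, 1 for "none" (install nothing), -1 if unknown. */
int seccomp_action(const char *name, unsigned int *ret) {
    if (!strcmp(name, "none")) return 1;
    if (!strcmp(name, "kill")) { *ret = SECCOMP_RET_KILL_PROCESS; return 0; }
    if (!strcmp(name, "log"))  { *ret = SECCOMP_RET_LOG; return 0; } /* logged, then allowed */
    return -1;
}

size_t build_filter(struct sock_filter *f, unsigned int deny) { /* f has MAX_INSNS slots */
    size_t n = 0;
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS); /* foreign ABI */
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) { /* match: fall into ALLOW; else skip it */
        f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)allowed[i], 0, 1);
        f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, deny); /* everything not listed */
    return n;
}

int install_filter(const char *action) { /* call once, just before the main loop */
    struct sock_filter f[MAX_INSNS];
    unsigned int deny;
    int r = seccomp_action(action, &deny);
    if (r != 0) return r == 1 ? 0 : -1;
    struct sock_fprog prog = { .len = (unsigned short)build_filter(f, deny), .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1; /* required when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Current glibc implements `open()` via `openat` and `exit()` via `exit_group`, so a real build would first run with `action=log` to collect the syscalls actually issued before switching to `kill`.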