Confirm
502
edits
Changes
no edit summary
SetCurrentProcessSandbox(void)
=== Seccomp reporter ===
The reporter is an option which will log exactly which system call has been denied by seccomp. It is enabled by default in engineering builds ("eng" builds).
The option is --content-sandbox-reporter.
When seccomp denies a system call, it sends a signal (SIGSYS) which is caught by the reporter. The reporter then kills itself (and thus the content-process).
The report kill itself because the content process may not handle the denied system call properly and be in a non-working state anyway.
=== How do I check my processes are sandboxed by seccomp? ===
