Confirm
502
edits
Changes
→Seccomp reporter
When seccomp denies a system call, it sends a signal (SIGSYS) which is caught by the reporter. The reporter then kills itself (and thus the content-process).
The report kill itself because the content process may not handle the denied system call properly and be in a non-working state anyway.
When the reporter is enabled, the log message looks like this:
seccomp sandbox violation: pid %u, syscall %lu, args %lu %lu %lu %lu %lu. Killing Process.
=== How do I check my processes are sandboxed by seccomp? ===
