summaryrefslogtreecommitdiff
path: root/hwdb/ids-update.pl
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-10-25 16:08:38 +0200
committerLennart Poettering <lennart@poettering.net>2016-11-02 08:55:24 -0600
commit2ca8dc15f9cc050a8845b0a55f8226a7024ca623 (patch)
treee9da20ebdd9956b37228a5c7c79eb58eeabd149d /hwdb/ids-update.pl
parent5cd9cd3537d1afca85877103615e61e6c03e7079 (diff)
man: document that too strict system call filters may affect the service manager
If execve() or socket() is filtered the service manager might get into trouble executing the service binary, or handling any failures when this fails. Mention this in the documentation. The other option would be to implicitly whitelist all system calls that are required for these codepaths. However, that appears less than desirable as this would mean socket() and many related calls have to be whitelisted unconditionally. As writing system call filters requires a certain level of expertise anyway it sounds like the better option to simply document these issues and suggest that the user disables system call filters in the service temporarily in order to debug any such failures. See: #3993.
Diffstat (limited to 'hwdb/ids-update.pl')
0 files changed, 0 insertions, 0 deletions