From d06c54db1b3504caed8673216a72b117d0692351 Mon Sep 17 00:00:00 2001 From: Philipp Stephani Date: Sun, 11 Apr 2021 16:41:44 +0200 Subject: [PATCH] Remove SCMP_FLTATR_CTL_LOG attribute from Seccomp filter. Whether or not we log failing syscalls isn't security-critical, and we shouldn't care. * lib-src/seccomp-filter.c (main): Remove log attribute. --- lib-src/seccomp-filter.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c index 77e4413d3d4..e4d56e01b4d 100644 --- a/lib-src/seccomp-filter.c +++ b/lib-src/seccomp-filter.c @@ -151,7 +151,6 @@ main (int argc, char **argv) set_attribute (SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_KILL_PROCESS); set_attribute (SCMP_FLTATR_CTL_NNP, 1); set_attribute (SCMP_FLTATR_CTL_TSYNC, 1); - set_attribute (SCMP_FLTATR_CTL_LOG, 0); verify (CHAR_BIT == 8); verify (sizeof (int) == 4 && INT_MIN == INT32_MIN -- 2.39.5