Paul Moore

While the libseccomp devs understand the purpose and motivation behind the pseudo-syscalls, they may seem like an odd concept to users of the library. We should do a better job...

We have some basic tooling to generate (tests/testgen) and compare (tests/testdiff) BPF output from multiple test runs, we should investigate adding known good BPF output from the tests to the...

RFE: ensure parity with the current libseccomp release

10

The libseccomp golang bindings have lagged the main libseccomp release for some time now. Before the next release of the bindings we need to go through and ensure that all...

This issue is simply a placeholder/tracking issue to cover a review of the entire libseccomp-golang API prior to the v1.0 release.

RFE: add the SCMP_FLTATR_CTL_WAITKILL filter attribute

3

The SCMP_FLTATR_CTL_WAITKILL attribute requests that the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the seccomp(2) system call when possible, which is currently only when the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set. Resolves #387

We should have a SUBMITTING_PATCHES file which documents how to submit patches to this repository. An example file from libseccomp: - https://github.com/seccomp/libseccomp/blob/master/SUBMITTING_PATCHES

BUG: import the audit-validation code into a new repo on github.com/linux-audit

2

Source: https://people.redhat.com/sgrubb/audit/audit-validation-0.1.tar.gz

BUG: import the ausearch-test code into a new repo on github.com/linux-audit

14

Source: https://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

Original location: https://people.redhat.com/sgrubb/audit/visualize/index.html

Q/BUG: investigate use of task_pid_nr(...) vs task_tgid_nr(...)

3

Most of the kernel audit code uses the TGID, or task group ID, in place of the actual PID as most users care more about the processes than threads. However...