minijail: improve debug and help text output

When reporting blocked syscalls, include the list of implicitly allowed syscalls in the syslog report. This also improves the help text to clarify where things are logged, and when -n is needed. BUG=None TEST=`minijail0 -L -S /dev/null /bin/ls` reports expected syscalls to syslog Change-Id: I9c1104f34f55d807339106470f0b1611988ea0a5 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/236741 Reviewed-by: Peter Qiu <zqiu@chromium.org>
author: Kees Cook <keescook@chromium.org> 2014-12-18 17:11:13 -0800
committer: ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> 2015-01-06 03:40:35 +0000
commit: 03b2af22a2170e9130c8df9e5e92a4d79e91ac0e (patch)
tree: 85f20aee5255525bbcea4d054d7b2beb032ed023 /syscall_filter.c
parent: 8b488a5b1f0b5eab62516b50e638c1484409bb87 (diff)
download: minijail-03b2af22a2170e9130c8df9e5e92a4d79e91ac0e.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/syscall_filter.c b/syscall_filter.c
index 70fff07..9ea5dca 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -125,8 +125,10 @@ void append_allow_syscall(struct filter_block *head, int nr)
 void allow_log_syscalls(struct filter_block *head)
 {
 	unsigned int i;
-	for (i = 0; i < log_syscalls_len; i++)
+	for (i = 0; i < log_syscalls_len; i++) {
+		warn("allowing syscall: %s", log_syscalls[i]);
 		append_allow_syscall(head, lookup_syscall(log_syscalls[i]));
+	}
 }
 
 unsigned int get_label_id(struct bpf_labels *labels, const char *label_str)
author	Kees Cook <keescook@chromium.org>	2014-12-18 17:11:13 -0800
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	2015-01-06 03:40:35 +0000
commit	03b2af22a2170e9130c8df9e5e92a4d79e91ac0e (patch)
tree	85f20aee5255525bbcea4d054d7b2beb032ed023 /syscall_filter.c
parent	8b488a5b1f0b5eab62516b50e638c1484409bb87 (diff)
download	minijail-03b2af22a2170e9130c8df9e5e92a4d79e91ac0e.tar.gz