[Systrace] `execve: permit' automatically inherits?
Niels Provos
provos at citi.umich.edu
Fri May 28 11:55:22 EDT 2004
On Fri, May 28, 2004 at 11:14:22AM -0400, Ray wrote:
> Having a rule `execve: permit' seems to automatically inherit (it
> acts just like `execve: true then permit[inherit]').
> `execve: true then permit' doesn't have this problem. Is this
> expected?
execve: permit means that the kernel will just execute any execve()
system call and not even consult Systrace about it. At that point,
Systrace does not know that new binaries are executed.
So, for execve, you always need to specify a rule, the simplest one
would be:
execve: true then permit
Niels.
More information about the systrace
mailing list