Monday, March 2, 2015

Prevent children of process protected by seccomp from having same seccomp protections?



I'm writing an application which is protected by seccomp.

This application uses fork() and then execvp() to run certain programs.

It seems as though any child process of my program will be constrained under the same restrictions and filters as the parent process is, according to the Linux kernel documentation.

The programs which it executes are fairly large, and require numerous syscalls that the main program does not. I don't want to give the main program access to any syscalls it does not need.


Is there a way to set the main process to be protected by seccomp, but any child processes not protected?
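The inheritance described in the question can be observed directly. The following C program is an added example, not code from the original post: it installs a filter that makes `uname` fail with `EPERM`, forks, and checks from the child that the filter is still in force. The function name, the choice of `uname` as the blocked syscall, and the exit-code convention are assumptions made for the illustration; only `fork()` is exercised, and the kernel keeps the same filter across `execve()`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a forked child inherits the parent's filter, 0 if not,
 * -1 if the filter could not be installed in this environment. */
int child_inherits_filter(void)
{
    pid_t sandbox = fork();            /* keep the caller itself unfiltered */
    if (sandbox < 0) return -1;
    if (sandbox == 0) {
        struct sock_filter prog[] = {
            /* Load the syscall number. A production filter must first
             * validate seccomp_data.arch; omitted to keep this short. */
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_uname, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
            _exit(2);                  /* seccomp filters unavailable here */

        pid_t child = fork();          /* stands in for the fork() before execvp() */
        if (child < 0) _exit(2);
        if (child == 0) {
            struct utsname u;
            int mode = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
            int blocked = (uname(&u) == -1 && errno == EPERM);
            _exit(mode == SECCOMP_MODE_FILTER && blocked ? 1 : 0);
        }
        int st;
        if (waitpid(child, &st, 0) < 0 || !WIFEXITED(st)) _exit(2);
        _exit(WEXITSTATUS(st));
    }
    int st;
    if (waitpid(sandbox, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 2 ? -1 : WEXITSTATUS(st);
}

int main(void) { return child_inherits_filter() == 1 ? 0 : 1; }
```

The child checks both the reported seccomp mode and the actual `EPERM` from `uname`, so the result stays meaningful when the whole program already runs under an outer filter such as a container runtime's default profile.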




