droproot, seccomp

[Hal Murray]

> At least under Linux, you'd better trace kernel calls with ftrace, not
> strace.  The newer kernels should have dtrace-like capabilities to tailor
> your probes. 

What do I gain by using it?  strace does exactly what I want -- it tells me which syscalls are being used.  I don't care about anything else.  That's the granularity that seccomp uses.

seccomp does have options for checking some parameters.  I'm not familiar with the details.


-- 
These are my opinions.  I hate spam.