Hello Genodians
I ran into some trouble using seccomp and the base-linux per-session sockets with the depot autopilot.
First the depot autopilot uses significantly more distinct syscalls and I dont quite understand why that is. The syscalls used above those used by the basic test-log are: clone, getpid, sigaltstack, rt_sigaction, gettimeofday, nanosleep
Can anyone explain why these are nessecary?
The other problem I couldn't solve up to now is that the depot autopilot seems to use many more sessions than the scenario itself. Even for the basic test-log scenario at least 512 sessions are used by a single process as it fails due to running out of socket descriptors when a socketpair per session is used.
Can anyone explain this behavior? Might there be stale sessions (leak) in the depot autopilot?
Best regards Stefan
-- Freundliche Grüsse
Stefan Thöni Chairman of the Board Senior Security Architect +41 79 610 64 95
gapfruit AG Baarerstrasse 135 6300 Zug https://gapfruit.com