Which is the difference between using SYS_syscallname and __NR_syscallname in a seccomp filter? Which one should I use?
Asked
Active
Viewed 141 times
1 Answers
2
You should use __NR_syscallname (e.g., __NR_chdir). As per the syscalls manpage:
Roughly speaking, the code belonging to the system call with number __NR_xxx defined in /usr/include/asm/unistd.h can be found in the Linux kernel source in the routine sys_xxx().
The difference is that SYS_syscallname definitions are part of the libc, while __NR_syscallname definitions are from the Linux headers. I'm also not sure all __NR_syscallname have a SYS_syscallname alias.
pchaigno
- 11,313
- 2
- 29
- 54