Fixing SECCOMP filter stacking

Chris Jones jones.chris.g at
Wed Nov 26 16:37:48 PST 2014

On Wed, Nov 26, 2014 at 12:36 PM, Robert O'Callahan <robert at>

> The other way is to have rr choose a fixed address for the untraced
> syscall when we spawn the first tracee, and after every exec mmap a page at
> that address (whatever the architecture) and store an untraced-syscall code
> sequence in it. Then rr can set up a single SECCOMP when we spawn the first
> tracee.

That's analogous to how valgrind loads its in-process code; mapped to a
fixed address below the usual exe offset.  So in line with prior art.  I
wonder if we could even use the same trick: set some ELF header on to have
it mapped at an analogous location.  That would
also let us turn off PIC, though that probably doesn't buy us anything
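
The single-filter idea from the quoted proposal, as an added example (not rr's code and not part of the original message): one classic-BPF seccomp program allows syscalls whose reported instruction pointer equals a fixed address and hands every other syscall to the tracer. The address `UNTRACED_SYSCALL_IP`, the choice of `SECCOMP_RET_TRACE` for the other case, and the helper `verdict_for_ip` are assumptions; a little-endian target is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Hypothetical fixed address the kernel would report for the untraced
 * syscall; the thread names none. Chosen to fit in 32 bits. */
#define UNTRACED_SYSCALL_IP 0x70000002u

/* Offsets of the two 32-bit halves of seccomp_data.instruction_pointer
 * (little-endian layout assumed, e.g. x86 and x86-64). */
#define IP_LO offsetof(struct seccomp_data, instruction_pointer)
#define IP_HI (IP_LO + 4)

/* One filter, installed once: syscalls issued from the fixed page pass
 * without a ptrace stop; everything else is reported to the tracer. */
static const struct sock_filter untraced_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, UNTRACED_SYSCALL_IP, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),
};

/* Evaluate the filter offline for a syscall issued at `ip` (constructed
 * input), interpreting only the three classic-BPF opcodes used above. */
static uint32_t verdict_for_ip(uint64_t ip)
{
    struct seccomp_data sd = { .instruction_pointer = ip };
    const struct sock_filter *f = untraced_filter;
    size_t n = sizeof untraced_filter / sizeof untraced_filter[0];
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)&sd + f[pc].k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
            break;
        case BPF_RET | BPF_K:
            return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL; /* unreachable for this program; fail closed */
}
```

Because the verdict depends only on the address, the same program stays valid across exec as long as the page is remapped at that address, which is what lets it be installed a single time.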
