It's even reported in exit(2) - Linux man page: return语句也会发生同样的情况，该语句最终会以与_exit()相似的方式终止进程.Same happens with the return statement, which should end up in killing your process, in the very similar manner with _exit().对过程进行分层将提供进一步的确认(要显示此信息，您必须不设置PR_SET_SECCOMP；只需注释prctl())，对于两种无效的情况，我都得到了类似的输出:Stracing the process will provide further confirmation (to allow this to show up, you have to not set PR_SET_SECCOMP; just comment prctl()) and I got similar output for both non-working cases:linux12:/home/users/grad1459>gcc seccomp.c -o seccomplinux12:/home/users/grad1459>strace ./seccompexecve("./seccomp", ["./seccomp"], [/* 24 vars */]) = 0brk(0) = 0x8784000access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb775f000access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3fstat64(3, {st_mode=S_IFREG|0644, st_size=97472, ...}) = 0mmap2(NULL, 97472, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7747000close(3) = 0access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\226\1\0004\0\0\0"..., 512) = 512fstat64(3, {st_mode=S_IFREG|0755, st_size=1730024, ...}) = 0mmap2(NULL, 1739484, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xdd0000mmap2(0xf73000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a3) = 0xf73000mmap2(0xf76000, 10972, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf76000close(3) = 0mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7746000set_thread_area({entry_number:-1 -> 6, base_addr:0xb7746900, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0mprotect(0xf73000, 8192, PROT_READ) = 0mprotect(0x8049000, 4096, PROT_READ) = 0mprotect(0x16e000, 4096, PROT_READ) = 0munmap(0xb7747000, 97472) = 0exit_group(0) = ?linux12:/home/users/grad1459>如您所见，exit_group()被调用，解释所有内容！As you can see, exit_group() is called, explaining everything!现在，正如您正确说的，"SYS_exit equals __NR_exit"；例如，它是在 mit.syscall中定义的.h :Now as you correctly stated, "SYS_exit equals __NR_exit"; for example it's defined in mit.syscall.h:#define SYS_exit __NR_exit所以最后两个调用是等效的，即您可以使用自己喜欢的一个，并且输出应为:so the last two calls are equivalent, i.e. you can use the one you like, and the output should be this:linux12:/home/users/grad1459>gcc seccomp.c -o seccomp && ./seccomp ; echo "${?}"0 PSPS您当然可以自己定义filter并使用:You could of course define a filter yourself and use:prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, filter);正如本征状态链接中所述，允许_exit()(或者严格来说是exit_group(2))，但是只有在您确实需要知道自己在做什么的情况下才这样做.as explained in the eigenstate link, to allow _exit() (or, strictly speaking, exit_group(2)), but do that only if you really need to and know what you are doing. 这篇关于seccomp ---如何EXIT_SUCCESS?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！