Syscall
How to see which syscalls are part of a systemd syscall filter set
Learn how to see what syscalls are part of a particular syscall filter set in systemd.
Summary
Systemd can restrict services from using particular syscalls with the help of the unit setting SystemCallFilter. Instead of mentioning all individual syscalls, systemd has predefined sets that can be used. These sets group functions that are related. To see which syscalls are part of a set, use the systemd-analyze command.
# systemd-analyze syscall-filter @ipc
@ipc
# SysV IPC, POSIX Message Queues or other IPC
ipc
memfd_create
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedreceive_time64
mq_timedsend
mq_timedsend_time64
mq_unlink
msgctl
msgget
msgrcv
msgsnd
pipe
pipe2
process_madvise
process_vm_readv
process_vm_writev
semctl
semget
semop
semtimedop
semtimedop_time64
shmat
shmctl
shmdt
shmget
See systemd syscall filtering for all details.
SystemCallFilter setting
Define if systemd units are allowed to use specific syscalls or groups with the unit setting SystemCallFilter.
Summary
Why and when to use SystemCallFilter
The setting SystemCallFilter aims to prevent misuse of syscalls that are not needed for the normal functioning of a process. This powerful filtering restricts the abilities of a process, but requires the system administrator to understand the processes involved. See the overview of Linux syscalls for more details.
Configuration
This setting takes a space-separated list and may be specified multiple times.
Systemd syscall filtering
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with the SystemCallFilter property.
Summary
Overview of syscalls in systemd by group
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring the disk and file activity of new and running processes.
Summary
Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests, or monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occurring in a process, including disk and file activity.