From 0eb915ebeb0433b708506fa7b100c477c49f5497 Mon Sep 17 00:00:00 2001
From: guochao
Date: Fri, 3 Nov 2023 11:30:49 +0800
Subject: [PATCH] fix segv
---
 src/main.rs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 5edcc56..14e4c60 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -68,7 +68,7 @@ fn main() -> anyhow::Result<()> {
 return Err(err.into());
 }
 };
- nix::sys::ptrace::setoptions(child, Options::PTRACE_O_TRACESECCOMP)?;
+ nix::sys::ptrace::setoptions(child, Options::PTRACE_O_TRACESECCOMP | Options::PTRACE_O_TRACECLONE | Options::PTRACE_O_TRACEFORK | Options::PTRACE_O_TRACEVFORK)?;
 nix::sys::ptrace::cont(child, None)?;
 log::trace!("child is ready");
@@ -158,8 +158,13 @@ fn main() -> anyhow::Result<()> {
 log::trace!("accepting {}({})", syscall_name, syscall_nr);
 };
- log::debug!("restrict myself by set_no_new_privs...");
- nix::sys::prctl::set_no_new_privs()?;
+ #[cfg(feature = "tracing-mode")]
+ if tracing {
+ log::debug!("no need to restrict myself by set_no_new_privs");
+ } else {
+ log::debug!("restrict myself by set_no_new_privs...");
+ nix::sys::prctl::set_no_new_privs()?;
+ }
 log::info!("loading filter into kernel...");
 if let Err(err) = filter.load() {
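Review bot: The widened option set passed to `setoptions` in the first hunk makes every fork, vfork and clone child a tracee automatically, but nothing visible here shows the wait loop being prepared for them; that loop is outside the hunk. Each new child starts in a stop of its own and the parent reports a `PTRACE_EVENT_FORK`/`VFORK`/`CLONE` stop, so a loop that waits only on `child`, or treats every stop as a seccomp event, would leave descendants hung or mis-handled. It is worth confirming that the loop waits on any pid and resumes those stops. Consider also adding `Options::PTRACE_O_EXITKILL` so tracees cannot outlive a crashed tracer, and breaking the flag expression across lines as rustfmt would.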
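Review bot: The `#[cfg(feature = "tracing-mode")]` attribute in the second hunk governs the whole `if tracing { … } else { … }` statement, so a build without that feature drops the `else` branch as well and never calls `set_no_new_privs()`. Before this commit the call was unconditional, so the default build loses a hardening step and, depending on how the filter is configured (not visible here), `filter.load()` may then fail for an unprivileged user. The skip decision should be the only part under the feature gate, with the restriction remaining the fallback, as sketched below; `tracing` is presumably defined only under the same feature. A short comment on why tracing mode may skip no_new_privs would also help the next reader. `main` continues outside the hunk.

```rust
// … unchanged: syscall accept/trace logging above …
#[cfg(feature = "tracing-mode")]
let skip_no_new_privs = tracing;
#[cfg(not(feature = "tracing-mode"))]
let skip_no_new_privs = false;

if skip_no_new_privs {
    log::debug!("no need to restrict myself by set_no_new_privs");
} else {
    log::debug!("restrict myself by set_no_new_privs...");
    nix::sys::prctl::set_no_new_privs()?;
}
// … unchanged: filter.load() and its error handling …
```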