mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
seccomp: include pipes and memfd in @ipc
These system calls clearly fall in the @ipc category, hence should be listed there, simply to avoid confusion and surprise by the user.
parent
a8c157ff30
commit
cd5bfd7e60
@ -1319,7 +1319,7 @@
|
||||
</row>
|
||||
<row>
|
||||
<entry>@ipc</entry>
|
||||
<entry>SysV IPC, POSIX Message Queues or other IPC (<citerefentry project='man-pages'><refentrytitle>mq_overview</refentrytitle><manvolnum>7</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>svipc</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||||
<entry>Pipes, SysV IPC, POSIX Message Queues and other IPC (<citerefentry project='man-pages'><refentrytitle>mq_overview</refentrytitle><manvolnum>7</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>svipc</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>@keyring</entry>
|
||||
|
@ -290,9 +290,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||
"select\0"
|
||||
},
|
||||
[SYSCALL_FILTER_SET_IPC] = {
|
||||
/* Message queues, SYSV IPC or other IPC: unusual */
|
||||
/* Message queues, SYSV IPC or other IPC */
|
||||
.name = "@ipc",
|
||||
.value = "ipc\0"
|
||||
"memfd_create\0"
|
||||
"mq_getsetattr\0"
|
||||
"mq_notify\0"
|
||||
"mq_open\0"
|
||||
@ -303,6 +304,8 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||
"msgget\0"
|
||||
"msgrcv\0"
|
||||
"msgsnd\0"
|
||||
"pipe2\0"
|
||||
"pipe\0"
|
||||
"process_vm_readv\0"
|
||||
"process_vm_writev\0"
|
||||
"semctl\0"
|
||||
|
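Review bot: The comment on the new side of the `[SYSCALL_FILTER_SET_IPC]` entry, `/* Message queues, SYSV IPC or other IPC */`, no longer describes the set once `memfd_create`, `pipe2` and `pipe` are listed; I would make it `/* Pipes, memfd, message queues, SysV IPC and other IPC */`. The `+`/`-` markers are lost on this page, so which lines are new is read from the hunk counts and the commit title. The larger concern is the change in effective policy: a unit that deny-lists with `SystemCallFilter=~@ipc` will now also block `pipe()`, `pipe2()` and `memfd_create()`, which ordinary programs need far more often than message queues, while an allow-list naming `@ipc` silently gains them. That deserves a compatibility note for users of the group, and the updated man-page entry mentions pipes but not `memfd_create`. The `syscall_filter_sets` initializer starts and ends outside the visible hunks.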