shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-08-04 12:22:39 +03:00
Code Activity

seccomp: add new Linux 5.3 syscalls to syscall filter lists

Browse Source 
Many syscalls added and all fit nicely into existing groups, hence lets
add them there.

(cherry picked from commit 9e48626571)
(cherry picked from commit 51ea58a04b)

Note: this doesn't do much without an updated libseccomp (>= 2.4.2 ?).
This commit is contained in:
Lennart Poettering
2019-10-30 11:11:05 +01:00
committed by Zbigniew Jędrzejewski-Szmek
parent 18dd3fb491
commit edf13160bf
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/shared/seccomp-util.c
View File

@ -314,6 +314,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"io_pgetevents\0" "io_pgetevents\0"
"io_setup\0" "io_setup\0"
"io_submit\0" "io_submit\0"
"io_uring_enter\0"
"io_uring_register\0"
"io_uring_setup\0"
}, },
[SYSCALL_FILTER_SET_BASIC_IO] = { [SYSCALL_FILTER_SET_BASIC_IO] = {
.name = "@basic-io", .name = "@basic-io",
@ -543,7 +546,13 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.help = "Mounting and unmounting of file systems", .help = "Mounting and unmounting of file systems",
.value = .value =
"chroot\0" "chroot\0"
"fsconfig\0"
"fsmount\0"
"fsopen\0"
"fspick\0"
"mount\0" "mount\0"
"move_mount\0"
"open_tree\0"
"pivot_root\0" "pivot_root\0"
"umount\0" "umount\0"
"umount2\0" "umount2\0"
@ -622,6 +631,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"capset\0" "capset\0"
"chroot\0" "chroot\0"
"fanotify_init\0" "fanotify_init\0"
"fanotify_mark\0"
"nfsservctl\0" "nfsservctl\0"
"open_by_handle_at\0" "open_by_handle_at\0"
"pivot_root\0" "pivot_root\0"
@ -647,10 +657,13 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"arch_prctl\0" "arch_prctl\0"
"capget\0" /* Able to query arbitrary processes */ "capget\0" /* Able to query arbitrary processes */
"clone\0" "clone\0"
"clone3\0"
"execveat\0" "execveat\0"
"fork\0" "fork\0"
"getrusage\0" "getrusage\0"
"kill\0" "kill\0"
"pidfd_open\0"
"pidfd_send_signal\0"
"prctl\0" "prctl\0"
"rt_sigqueueinfo\0" "rt_sigqueueinfo\0"
"rt_tgsigqueueinfo\0" "rt_tgsigqueueinfo\0"