diff --git a/TODO b/TODO index 5b312649a53..3762aa24471 100644 --- a/TODO +++ b/TODO @@ -23,6 +23,12 @@ Janitorial Clean-ups: Features: +* tweak journald context caching. In addition to caching per-process attributes + keyed by PID, cache per-cgroup attributes (i.e. the various xattrs we read) + keyed by cgroup path, and guarded by ctime changes. This should provide us + with a nice speed-up on services that have many processes running in the same + cgroup. + * clean up sleep.c: - Use CLOCK_BOOTTIME_ALARM for waking up s2h instead of RTC ioctls - Parse sleep.conf only once, and parse its whole contents so that we don't diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 2f62c7acb53..77592e8faf7 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -2695,7 +2695,9 @@ int config_parse_syscall_filter( c->syscall_whitelist = true; /* Accept default syscalls if we are on a whitelist */ - r = seccomp_parse_syscall_filter("@default", -1, c->syscall_filter, SECCOMP_PARSE_WHITELIST); + r = seccomp_parse_syscall_filter( + "@default", -1, c->syscall_filter, + SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST); if (r < 0) return r; } @@ -2722,9 +2724,12 @@ int config_parse_syscall_filter( continue; } - r = seccomp_parse_syscall_filter_full(name, num, c->syscall_filter, - SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|(invert ? SECCOMP_PARSE_INVERT : 0)|(c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0), - unit, filename, line); + r = seccomp_parse_syscall_filter_full( + name, num, c->syscall_filter, + SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE| + (invert ? SECCOMP_PARSE_INVERT : 0)| + (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0), + unit, filename, line); if (r < 0) return r; } diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 905be0f6a91..ba3f433106b 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -291,6 +291,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "pause\0" "prlimit64\0" "restart_syscall\0" + "rseq\0" "rt_sigreturn\0" "sched_yield\0" "set_robust_list\0"