1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00

seccomp: port @privileged to use @reboot + @swap

Let's reuse two groups we already defined to make @privileged a bit
shorter.
This commit is contained in:
Lennart Poettering 2017-10-02 09:16:50 +02:00
parent e59608fa5f
commit af0f047ba8

View File

@ -628,17 +628,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"@clock\0" "@clock\0"
"@module\0" "@module\0"
"@raw-io\0" "@raw-io\0"
"@reboot\0"
"@swap\0"
"_sysctl\0" "_sysctl\0"
"acct\0" "acct\0"
"bpf\0" "bpf\0"
"capset\0" "capset\0"
"chroot\0" "chroot\0"
"kexec_file_load\0"
"kexec_load\0"
"nfsservctl\0" "nfsservctl\0"
"pivot_root\0" "pivot_root\0"
"quotactl\0" "quotactl\0"
"reboot\0"
"setdomainname\0" "setdomainname\0"
"setfsuid\0" "setfsuid\0"
"setfsuid32\0" "setfsuid32\0"
@ -651,8 +650,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"setreuid32\0" "setreuid32\0"
"setuid\0" "setuid\0"
"setuid32\0" "setuid32\0"
"swapoff\0"
"swapon\0"
"vhangup\0" "vhangup\0"
}, },
[SYSCALL_FILTER_SET_PROCESS] = { [SYSCALL_FILTER_SET_PROCESS] = {