seccomp: port @privileged to use @reboot + @swap

Let's reuse two groups we already defined to make @privileged a bit shorter.
2024-11-01 09:21:26 +03:00 · 2017-10-02 09:16:50 +02:00 · 2017-10-02 09:16:50 +02:00 · af0f047ba8
commit af0f047ba8
parent e59608fa5f
1 changed files with 2 additions and 5 deletions
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@ -628,17 +628,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "@clock\0"
                "@module\0"
                "@raw-io\0"
+                "@reboot\0"
+                "@swap\0"
                "_sysctl\0"
                "acct\0"
                "bpf\0"
                "capset\0"
                "chroot\0"
-                "kexec_file_load\0"
-                "kexec_load\0"
                "nfsservctl\0"
                "pivot_root\0"
                "quotactl\0"
-                "reboot\0"
                "setdomainname\0"
                "setfsuid\0"
                "setfsuid32\0"
@ -651,8 +650,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "setreuid32\0"
                "setuid\0"
                "setuid32\0"
-                "swapoff\0"
-                "swapon\0"
                "vhangup\0"
        },
        [SYSCALL_FILTER_SET_PROCESS] = {