mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
shared/seccomp: add note about clone2() being unimportant
In case anyone else starts wondering whether it should be listed as I did…
This commit is contained in:
parent
5e3b8aeef3
commit
c5503601e2
@ -718,6 +718,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||
.value =
|
||||
"capget\0" /* Able to query arbitrary processes */
|
||||
"clone\0"
|
||||
/* ia64 as the only architecture has clone2, a replacement for clone, but ia64 doesn't
|
||||
* implement seccomp, so we don't need to list it at all. C.f.
|
||||
* acce2f71779c54086962fefce3833d886c655f62 in the kernel. */
|
||||
"clone3\0"
|
||||
"execveat\0"
|
||||
"fork\0"
|
||||
|
Loading…
Reference in New Issue
Block a user