1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00

shared/seccomp: add note about clone2() being unimportant

In case anyone else starts wondering whether it should be listed
as I did…
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-04-19 11:56:23 +02:00
parent 5e3b8aeef3
commit c5503601e2

View File

@ -718,6 +718,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.value =
"capget\0" /* Able to query arbitrary processes */
"clone\0"
/* ia64 as the only architecture has clone2, a replacement for clone, but ia64 doesn't
* implement seccomp, so we don't need to list it at all. C.f.
* acce2f71779c54086962fefce3833d886c655f62 in the kernel. */
"clone3\0"
"execveat\0"
"fork\0"