authorLennart Poettering <lennart@poettering.net>2019-10-30 11:11:05 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2019-10-30 15:42:49 +0100
commit9e486265716963439fb0fd7f2a97abf109f24f75 (patch)
treec9d98cbcd4b507da0cead8e886ac1ef51aea429b
parent737f14054649db6bec5d73108db0675fe3fec3d1 (diff)
downloadsystemd-9e486265716963439fb0fd7f2a97abf109f24f75.tar.gz
seccomp: add new Linux 5.3 syscalls to syscall filter lists
Many syscalls were added, and all fit nicely into existing groups, hence let's add them there.
-rw-r--r--src/shared/seccomp-util.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index acfe435283..0701dc4b9d 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -314,6 +314,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"io_pgetevents\0"
"io_setup\0"
"io_submit\0"
+ "io_uring_enter\0"
+ "io_uring_register\0"
+ "io_uring_setup\0"
},
[SYSCALL_FILTER_SET_BASIC_IO] = {
.name = "@basic-io",
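Review bot: The three io_uring entries added here need a comment, because operations queued through io_uring_enter are executed by the kernel without passing through the per-syscall seccomp check. A unit that allows this set while denying another group (network I/O, for example) may still be able to perform the equivalent operation as an io_uring request, depending on the opcodes the running kernel supports. I would annotate the entry in the style the table already uses for capget, e.g. `"io_uring_enter\0" /* Submitted operations are not seccomp-filtered individually */`, and check whether any broader allow-list that pulls in this set should really inherit them. The set's initializer starts above the hunk, so its name is only inferred from the neighbouring io_* entries.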
@@ -543,7 +546,13 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.help = "Mounting and unmounting of file systems",
.value =
"chroot\0"
+ "fsconfig\0"
+ "fsmount\0"
+ "fsopen\0"
+ "fspick\0"
"mount\0"
+ "move_mount\0"
+ "open_tree\0"
"pivot_root\0"
"umount\0"
"umount2\0"
@@ -622,6 +631,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"capset\0"
"chroot\0"
"fanotify_init\0"
+ "fanotify_mark\0"
"nfsservctl\0"
"open_by_handle_at\0"
"pivot_root\0"
@@ -647,10 +657,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"arch_prctl\0"
"capget\0" /* Able to query arbitrary processes */
"clone\0"
+ "clone3\0"
"execveat\0"
"fork\0"
"getrusage\0"
"kill\0"
+ "pidfd_open\0"
"pidfd_send_signal\0"
"prctl\0"
"rt_sigqueueinfo\0"
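Review bot: `"clone3\0"` is added next to `"clone\0"`, but clone3 takes its flags inside a struct passed by pointer, which a seccomp filter cannot read. Any rule elsewhere in this file that restricts clone by comparing its flags argument (namespace flags, for instance) would not cover clone3; that code is not visible in this hunk, so it needs checking rather than assuming. At minimum add a comment in the style of the capget line, e.g. `"clone3\0" /* Flags passed via pointer, cannot be argument-filtered */`. The array initializer begins and ends outside the hunk.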