seccomp-util: add cacheflush() syscall to @default syscall set

This is like membarrier() I guess and basically just exposes CPU functionality via kernel syscall on some archs. Let's whitelist it for everyone. Fixes: #17197
author: Lennart Poettering <lennart@poettering.net> 2020-09-29 15:59:28 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-09-30 10:08:15 +0200
commit: 8e24b1d23f5fa711bfdfd38bcfef525de04cd3c1 (patch)
tree: 75e29545910ccfa445eea1168cf657a34fb94965 /src/shared/seccomp-util.c
parent: 4796a4fba98ee96290d0c3c6417195581f025ad0 (diff)
download: systemd-8e24b1d23f5fa711bfdfd38bcfef525de04cd3c1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 358960d5c4..b22ef7cec1 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -272,6 +272,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .name = "@default",
                 .help = "System calls that are always permitted",
                 .value =
+                "cacheflush\0"
                 "clock_getres\0"
                 "clock_getres_time64\0"
                 "clock_gettime\0"
author	Lennart Poettering <lennart@poettering.net>	2020-09-29 15:59:28 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-09-30 10:08:15 +0200
commit	8e24b1d23f5fa711bfdfd38bcfef525de04cd3c1 (patch)
tree	75e29545910ccfa445eea1168cf657a34fb94965 /src/shared/seccomp-util.c
parent	4796a4fba98ee96290d0c3c6417195581f025ad0 (diff)
download	systemd-8e24b1d23f5fa711bfdfd38bcfef525de04cd3c1.tar.gz