adding mincore syscall to the default seccomp filter and some independent profiles

author: netblue30 <netblue30@yahoo.com> 2019-01-14 09:44:53 -0500
committer: netblue30 <netblue30@yahoo.com> 2019-01-14 09:44:53 -0500
commit: ae3db84128503c16fd638b5c7bf9408d64ce14ba (patch)
tree: c9767454fa6a0555f3bd9784e6d5d7b7433b932e /etc/mpd.profile
parent: fix error message (diff)
download: firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.gz
firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.zst
firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/mpd.profile b/etc/mpd.profile
index e06b83aa9..c532edeb2 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -30,7 +30,7 @@ novideo
 protocol unix,inet,inet6
 # blacklisting of ioprio_set system calls breaks auto-updating of
 # MPD's database when files in music_directory are changed
-seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+seccomp.drop mincore,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 shell none
 #private-bin mpd,bash
author	netblue30 <netblue30@yahoo.com>	2019-01-14 09:44:53 -0500
committer	netblue30 <netblue30@yahoo.com>	2019-01-14 09:44:53 -0500
commit	ae3db84128503c16fd638b5c7bf9408d64ce14ba (patch)
tree	c9767454fa6a0555f3bd9784e6d5d7b7433b932e /etc/mpd.profile
parent	fix error message (diff)
download	firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.gz firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.zst firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.zip

diff --git a/etc/mpd.profile b/etc/mpd.profile index e06b83aa9..c532edeb2 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile
@@ -30,7 +30,7 @@ novideo
30	protocol unix,inet,inet6	30	protocol unix,inet,inet6
31	# blacklisting of ioprio_set system calls breaks auto-updating of	31	# blacklisting of ioprio_set system calls breaks auto-updating of
32	# MPD's database when files in music_directory are changed	32	# MPD's database when files in music_directory are changed
33	seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice	33	seccomp.drop mincore,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
34	shell none	34	shell none
35		35
36	#private-bin mpd,bash	36	#private-bin mpd,bash