diff options
author | smitsohu <smitsohu@gmail.com> | 2022-07-17 16:42:06 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-07-17 17:05:36 +0200 |
commit | f4f44a5f96c49aff62000f3a9802277152423534 (patch) | |
tree | be99566e63471008ff5edcb6957795605b77a9ad /etc/profile-a-l/lzma.profile | |
parent | refresh and sort syscall tables (diff) | |
download | firejail-f4f44a5f96c49aff62000f3a9802277152423534.tar.gz firejail-f4f44a5f96c49aff62000f3a9802277152423534.tar.zst firejail-f4f44a5f96c49aff62000f3a9802277152423534.zip |
refresh syscall groups (#5188)
now covers syscalls up to including process_madvise (440)
group assignment was blindly copied from systemd:
https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
the only exception is close_range, which was added to both @basic-io and @file-system
this commit adds the following syscalls to the default blacklist:
pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree
Diffstat (limited to 'etc/profile-a-l/lzma.profile')
0 files changed, 0 insertions, 0 deletions