diff options
| author |  rusty-snake <print_hello_world+Public@protonmail.com> | 2019-07-22 16:40:14 +0200 |
|---|---|---|
| committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-07-22 16:40:14 +0200 |
| commit | 04e9d2e443b7b11ef2d36d761af206f136ca36dd (patch) | |
| tree | b3d44651a0e008d18951168dbbf489cf198a5456 /etc/templates/syscalls.txt | |
| parent | merges (diff) | |
| download | firejail-04e9d2e443b7b11ef2d36d761af206f136ca36dd.tar.gz firejail-04e9d2e443b7b11ef2d36d761af206f136ca36dd.tar.zst firejail-04e9d2e443b7b11ef2d36d761af206f136ca36dd.zip | |
Update syscalls.txt
* remove mincore
* add @default without chroot
* add @default-nodebuggers without chroot
Diffstat (limited to 'etc/templates/syscalls.txt')
| -rw-r--r-- | etc/templates/syscalls.txt | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt index 2464df9ee..30ad6feea 100644 --- a/etc/templates/syscalls.txt +++ b/etc/templates/syscalls.txt | |||
| @@ -14,7 +14,7 @@ Hints for writing seccomp.drop lines | |||
| 14 | @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver | 14 | @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver |
| 15 | @resources=mbind,migrate_pages,move_pages,set_mempolicy | 15 | @resources=mbind,migrate_pages,move_pages,set_mempolicy |
| 16 | 16 | ||
| 17 | @default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 17 | @default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice |
| 18 | 18 | ||
| 19 | @default-nodebuggers=@default,personality,process_vm_readv,ptrace | 19 | @default-nodebuggers=@default,personality,process_vm_readv,ptrace |
| 20 | 20 | ||
| @@ -41,3 +41,7 @@ Hints for writing seccomp.drop lines | |||
| 41 | | @default-nodebuggers | | 41 | | @default-nodebuggers | |
| 42 | +----------------------+ | 42 | +----------------------+ |
| 43 | 43 | ||
| 44 | |||
| 45 | @default without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | ||
| 46 | |||
| 47 | @default-nodebuggers without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | ||