Merge branch 'master' of https://github.com/netblue30/firejail

author: smitsohu <smitsohu@gmail.com> 2019-07-25 11:58:53 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-07-25 11:58:53 +0200
commit: d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499 (patch)
tree: d5b602c771940985a9e68f5d5002d0d41b30728d /etc
parent: fix whitelisting for homedirs outside /home (diff)
parent: fix make scan-build for debian 10 and arch (diff)
download: firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.tar.gz
firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.tar.zst
firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt
index 2464df9ee..30ad6feea 100644
--- a/etc/templates/syscalls.txt
+++ b/etc/templates/syscalls.txt
@@ -14,7 +14,7 @@ Hints for writing seccomp.drop lines
 @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver
 @resources=mbind,migrate_pages,move_pages,set_mempolicy
-@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 @default-nodebuggers=@default,personality,process_vm_readv,ptrace
@@ -41,3 +41,7 @@ Hints for writing seccomp.drop lines
 | @default-nodebuggers |
 +----------------------+
+@default without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+@default-nodebuggers without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
author	smitsohu <smitsohu@gmail.com>	2019-07-25 11:58:53 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-07-25 11:58:53 +0200
commit	d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499 (patch)
tree	d5b602c771940985a9e68f5d5002d0d41b30728d /etc
parent	fix whitelisting for homedirs outside /home (diff)
parent	fix make scan-build for debian 10 and arch (diff)
download	firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.tar.gz firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.tar.zst firejail-d4971ce7f62a9b31a86cb1b056b4f5fc9aa77499.zip