diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 13:54:28 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 14:01:37 +0300 |
commit | 85bb547e4054ab147d393bf437998ad76043783a (patch) | |
tree | f18a85f2767fedf3d9b5b1fa3b3996c8cc027a9c /src/fseccomp/syscall.c | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.gz firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.zst firejail-85bb547e4054ab147d393bf437998ad76043783a.zip |
Postpone installation of seccomp filters just before execve
Diffstat (limited to 'src/fseccomp/syscall.c')
-rw-r--r-- | src/fseccomp/syscall.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 3a9be51a7..08ae5953d 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c | |||
@@ -182,12 +182,8 @@ static const SyscallGroupList sysgroups[] = { | |||
182 | #endif | 182 | #endif |
183 | }, | 183 | }, |
184 | { .name = "@default-keep", .list = | 184 | { .name = "@default-keep", .list = |
185 | "dup," | ||
186 | "execve," | 185 | "execve," |
187 | "prctl," | 186 | "prctl" |
188 | "setgid," | ||
189 | "setgroups," | ||
190 | "setuid" | ||
191 | }, | 187 | }, |
192 | { .name = "@module", .list = | 188 | { .name = "@module", .list = |
193 | #ifdef SYS_delete_module | 189 | #ifdef SYS_delete_module |