Postpone installation of seccomp filters just before execve

author: Topi Miettinen <toiwoton@gmail.com> 2017-08-19 13:54:28 +0300
committer: Topi Miettinen <toiwoton@gmail.com> 2017-08-19 14:01:37 +0300
commit: 85bb547e4054ab147d393bf437998ad76043783a (patch)
tree: f18a85f2767fedf3d9b5b1fa3b3996c8cc027a9c /src/fseccomp/syscall.c
parent: Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download: firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.gz
firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.zst
firejail-85bb547e4054ab147d393bf437998ad76043783a.zip
1 files changed, 1 insertions, 5 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index 3a9be51a7..08ae5953d 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -182,12 +182,8 @@ static const SyscallGroupList sysgroups[] = {
 #endif
        },
        { .name = "@default-keep", .list =
-          "dup,"
          "execve,"
-          "prctl,"
+          "prctl"
-          "setgid,"
-          "setgroups,"
-          "setuid"
        },
        { .name = "@module", .list =
 #ifdef SYS_delete_module
author	Topi Miettinen <toiwoton@gmail.com>	2017-08-19 13:54:28 +0300
committer	Topi Miettinen <toiwoton@gmail.com>	2017-08-19 14:01:37 +0300
commit	85bb547e4054ab147d393bf437998ad76043783a (patch)
tree	f18a85f2767fedf3d9b5b1fa3b3996c8cc027a9c /src/fseccomp/syscall.c
parent	Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download	firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.gz firejail-85bb547e4054ab147d393bf437998ad76043783a.tar.zst firejail-85bb547e4054ab147d393bf437998ad76043783a.zip