diff options
| author |  netblue30 <netblue30@yahoo.com> | 2019-01-14 09:44:53 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2019-01-14 09:44:53 -0500 |
| commit | ae3db84128503c16fd638b5c7bf9408d64ce14ba (patch) | |
| tree | c9767454fa6a0555f3bd9784e6d5d7b7433b932e /src | |
| parent | fix error message (diff) | |
| download | firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.gz firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.tar.zst firejail-ae3db84128503c16fd638b5c7bf9408d64ce14ba.zip | |
adding mincore syscall to the default seccomp filter and some independent profiles
Diffstat (limited to 'src')
| -rw-r--r-- | src/fseccomp/syscall.c | 5 | ||||
| -rw-r--r-- | src/man/firejail.txt | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 3b10c4473..b17d86a0b 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c | |||
| @@ -168,7 +168,10 @@ static const SyscallGroupList sysgroups[] = { | |||
| 168 | "umount," | 168 | "umount," |
| 169 | #endif | 169 | #endif |
| 170 | #ifdef SYS_userfaultfd | 170 | #ifdef SYS_userfaultfd |
| 171 | "userfaultfd" | 171 | "userfaultfd," |
| 172 | #endif | ||
| 173 | #ifdef SYS_mincore // 0.9.57 | ||
| 174 | "mincore" | ||
| 172 | #endif | 175 | #endif |
| 173 | }, | 176 | }, |
| 174 | { .name = "@default-nodebuggers", .list = | 177 | { .name = "@default-nodebuggers", .list = |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2d0bd26d0..0d402ef36 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1700,7 +1700,7 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default). | |||
| 1700 | _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, | 1700 | _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, |
| 1701 | create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, | 1701 | create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, |
| 1702 | io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, | 1702 | io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, |
| 1703 | kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx, | 1703 | kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, mincore, move_pages, mpx, |
| 1704 | name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, | 1704 | name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, |
| 1705 | personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg, | 1705 | personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg, |
| 1706 | query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, | 1706 | query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, |