-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/templates/syscalls.txt | 2 | ||||
-rw-r--r-- | src/lib/syscall.c | 3 |
3 files changed, 2 insertions, 4 deletions
@@ -5,6 +5,7 @@ firejail (0.9.65) baseline; urgency=low | |||
5 | * new firejail.config settings: private-opt, private-srv | 5 | * new firejail.config settings: private-opt, private-srv |
6 | * new firejail.config settings: whitelist-disable-topdir | 6 | * new firejail.config settings: whitelist-disable-topdir |
7 | * new firejail.config settings: seccomp-filter-add | 7 | * new firejail.config settings: seccomp-filter-add |
8 | * removed kcmp syscall from seccomp default filter | ||
8 | * rename --noautopulse to keep-config-pulse | 9 | * rename --noautopulse to keep-config-pulse |
9 | * filtering environment variables | 10 | * filtering environment variables |
10 | * zsh completion | 11 | * zsh completion |
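--- a/etc/templates/syscalls.txt
+++ b/etc/templates/syscalls.txt
@@ -33,7 +33,7 @@ Definition of groups
 @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime
 @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old
 @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext
-@default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup
+@default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup
 @default-nodebuggers=@default,ptrace,personality,process_vm_readv
 @default-keep=execveat,execve,prctl
 @file-system=access,chdir,chmod,close,creat,faccessat,faccessat2,fallocate,fchdir,fchmod,fchmodat,fcntl,fcntl64,fgetxattr,flistxattr,fremovexattr,fsetxattr,fstat,fstat64,fstatat64,fstatfs,fstatfs64,ftruncate,ftruncate64,futimesat,getcwd,getdents,getdents64,getxattr,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,lgetxattr,link,linkat,listxattr,llistxattr,lremovexattr,lsetxattr,lstat,lstat64,mkdir,mkdirat,mknod,mknodat,mmap,mmap2,munmap,newfstatat,oldfstat,oldlstat,oldstat,open,openat,readlink,readlinkat,removexattr,rename,renameat,renameat2,rmdir,setxattr,stat,stat64,statfs,statfs64,statx,symlink,symlinkat,truncate,truncate64,unlink,unlinkat,utime,utimensat,utimes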
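--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -253,9 +253,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_fanotify_init
 "fanotify_init,"
 #endif
-#ifdef SYS_kcmp
-"kcmp,"
-#endif
 #ifdef SYS_add_key
 "add_key,"
 #endif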
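Review bot: Dropping the `SYS_kcmp` entry from this `sysgroups` string leaves nothing in the source to say that kcmp is deliberately absent from the default deny list, so a later audit could re-add it or assume it was overlooked. A one-line comment where the three lines were would record the decision, for example `/* kcmp is intentionally not blocked by @default: <reason> */` (the reason is a placeholder; the page does not state it). kcmp(2) is gated by a ptrace read access-mode check on both target processes, so it may also be worth deciding whether it belongs in the group that additionally blocks `ptrace` and `process_vm_readv` (`@default-nodebuggers` in syscalls.txt); that entry is not visible in this hunk. The `sysgroups` initializer starts and ends outside the hunk.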