diff options
Diffstat (limited to 'etc/templates/syscalls.txt')
-rw-r--r-- | etc/templates/syscalls.txt | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt index ec8247517..2464df9ee 100644 --- a/etc/templates/syscalls.txt +++ b/etc/templates/syscalls.txt | |||
@@ -4,19 +4,19 @@ Hints for writing seccomp.drop lines | |||
4 | @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime | 4 | @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime |
5 | @module=delete_module,finit_module,init_module | 5 | @module=delete_module,finit_module,init_module |
6 | @raw-io=ioperm,iopl,pciconfig_iobase,pciconfig_read,pciconfig_write,s390_mmio_read,s390_mmio_write | 6 | @raw-io=ioperm,iopl,pciconfig_iobase,pciconfig_read,pciconfig_write,s390_mmio_read,s390_mmio_write |
7 | @reboot=kexec_load,kexec_file_load,reboot, | 7 | @reboot=kexec_file_load,kexec_load,reboot |
8 | @swap=swapon,swapoff | 8 | @swap=swapoff,swapon |
9 | 9 | ||
10 | @privileged=@clock,@module,@raw-io,@reboot,@swap,acct,bpf,chroot,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup | 10 | @privileged=@clock,@module,@raw-io,@reboot,@swap,acct,bpf,chroot,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup |
11 | 11 | ||
12 | @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old | 12 | @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old |
13 | @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext | 13 | @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext |
14 | @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver | 14 | @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver |
15 | @resources=set_mempolicy,migrate_pages,move_pages,mbind | 15 | @resources=mbind,migrate_pages,move_pages,set_mempolicy |
16 | 16 | ||
17 | @default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,vmsplice,umount,userfaultfd,mincore | 17 | @default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice |
18 | 18 | ||
19 | @default-nodebuggers=@default,ptrace,personality,process_vm_readv | 19 | @default-nodebuggers=@default,personality,process_vm_readv,ptrace |
20 | 20 | ||
21 | @default-keep=execve,prctl | 21 | @default-keep=execve,prctl |
22 | 22 | ||