Diffstat (limited to 'etc')
-rw-r--r-- | etc/templates/syscalls.txt | 6 |
1 files changed, 5 insertions, 1 deletions
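--- a/etc/templates/syscalls.txt
+++ b/etc/templates/syscalls.txt
@@ -14,7 +14,7 @@ Hints for writing seccomp.drop lines
 @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver
 @resources=mbind,migrate_pages,move_pages,set_mempolicy
 
-@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 
 @default-nodebuggers=@default,personality,process_vm_readv,ptrace
 
@@ -41,3 +41,7 @@ Hints for writing seccomp.drop lines
 | @default-nodebuggers |
 +----------------------+
 
+
+@default without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+
+@default-nodebuggers without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice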
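Review bot: The two lists added at new lines 45 and 47 are hand-expanded copies of `@default` and `@default-nodebuggers`, so they will go stale when a group above changes, and a profile pasted from a stale list then blocks fewer syscalls than the built-in default without any warning. I would put a sentence above them such as `The two lists below are @default and @default-nodebuggers expanded by hand with chroot left out; regenerate them whenever a group above changes.` so readers know both what is given up and that the copy can drift. The first hunk also drops `mincore` from the documented `@default`; the diffstat is limited to `etc`, so whether the filter source changed to match is not visible here and is worth confirming.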