From 85bb547e4054ab147d393bf437998ad76043783a Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Sat, 19 Aug 2017 13:54:28 +0300
Subject: Postpone installation of seccomp filters just before execve

---
 src/fseccomp/syscall.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'src/fseccomp')

diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index 3a9be51a7..08ae5953d 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -182,12 +182,8 @@ static const SyscallGroupList sysgroups[] = {
 #endif
 	},
 	{ .name = "@default-keep", .list =
-	  "dup,"
 	  "execve,"
-	  "prctl,"
-	  "setgid,"
-	  "setgroups,"
-	  "setuid"
+	  "prctl"
 	},
 	{ .name = "@module", .list =
 #ifdef SYS_delete_module
-- 
cgit v1.2.3-54-g00ecf