From d69d2968066b8be3434864c7bbe7d6ead6ae41d3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 23 Jan 2019 11:48:39 -0500 Subject: removed mincore syscall from default seccomp filter --- src/fseccomp/syscall.c | 6 +++--- src/man/firejail.txt | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index b17d86a0b..3f5fbbbfa 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c @@ -170,9 +170,9 @@ static const SyscallGroupList sysgroups[] = { #ifdef SYS_userfaultfd "userfaultfd," #endif -#ifdef SYS_mincore // 0.9.57 - "mincore" -#endif +//#ifdef SYS_mincore // 0.9.57 - problem fixed in Linux kernel 5.0; on 4.x it will break kodi, mpv, totem +// "mincore" +//#endif }, { .name = "@default-nodebuggers", .list = "@default," diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 0d402ef36..2d0bd26d0 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1700,7 +1700,7 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default). _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime, create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module, io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load, -kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, mincore, move_pages, mpx, +kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx, name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open, personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg, query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr, -- cgit v1.2.3-54-g00ecf
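Review bot: The three `//`-commented lines that replace the `mincore` entry leave dead code inside the `@default` list and never say what the entry was guarding against, so a reader on a 4.x kernel cannot tell that the default filter no longer blocks `mincore` there. I would delete the commented-out lines and keep one explanatory comment instead, for example `// mincore deliberately not in @default: blocking it breaks kodi, mpv and totem on 4.x kernels; the underlying problem is fixed in Linux 5.0. On older kernels add it per profile with "seccomp mincore".` With the entry gone, the list string ends in `"userfaultfd,"` whenever SYS_userfaultfd is defined. The list parser is outside this hunk, so it is worth confirming that it accepts a trailing comma; builds without SYS_mincore already produced one, so it presumably does. The `sysgroups[]` initializer starts before and continues after the hunk.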