summaryrefslogtreecommitdiff
path: root/src/shared/seccomp-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-10-21 21:15:43 +0200
committerLennart Poettering <lennart@poettering.net>2016-10-24 17:32:50 +0200
commit60f547cf684d27e8c0e7ff44663650e90f9e0bcf (patch)
tree23507469f691bc7552a0c8aa07144f6f02da53e6 /src/shared/seccomp-util.c
parent8d7b0c8fd780e88ab5a6d1d79e09e27247245bee (diff)
seccomp: two fixes for the syscall set tables
"oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall nr is called "umount" (and the nr of umount() is called umount2 internally). "sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table. Without these changes libseccomp cannot actually translate the tables in full. This wasn't noticed before as the code was written defensively for this case.
Diffstat (limited to 'src/shared/seccomp-util.c')
-rw-r--r--src/shared/seccomp-util.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 0b9fa47c44..f1e9de05b2 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -272,7 +272,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.value =
"chroot\0"
"mount\0"
- "oldumount\0"
"pivot_root\0"
"umount2\0"
"umount\0"
@@ -371,7 +370,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"setuid\0"
"swapoff\0"
"swapon\0"
- "sysctl\0"
+ "_sysctl\0"
"vhangup\0"
},
[SYSCALL_FILTER_SET_PROCESS] = {