summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-10-25 15:42:10 +0200
committerLennart Poettering <lennart@poettering.net>2016-11-02 08:49:59 -0600
commita8c157ff3081ee963adb0d046015abf9a271fa67 (patch)
treea4bec5443d4b336d8939360905a07b9fa96b55ea /src
parentc79aff9a82abf361aea47b5c745ed9729c5f0212 (diff)
seccomp: drop execve() from @process list
The system call is already part in @default hence implicitly allowed anyway. Also, if it is actually blocked then systemd couldn't execute the service in question anymore, since the application of seccomp is immediately followed by it.
Diffstat (limited to 'src')
-rw-r--r--src/shared/seccomp-util.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index ad5782fb29..70723e9e4e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -443,7 +443,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
.value =
"arch_prctl\0"
"clone\0"
- "execve\0"
"execveat\0"
"fork\0"
"kill\0"