author | Lennart Poettering <lennart@poettering.net> | 2016-10-25 15:42:10 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-11-02 08:49:59 -0600 |
commit | a8c157ff3081ee963adb0d046015abf9a271fa67 (patch) | |
tree | a4bec5443d4b336d8939360905a07b9fa96b55ea /src | |
parent | c79aff9a82abf361aea47b5c745ed9729c5f0212 (diff) |
seccomp: drop execve() from @process list
The system call is already part of @default hence implicitly allowed anyway.
Also, if it is actually blocked then systemd couldn't execute the service in
question anymore, since the application of seccomp is immediately followed by
it.
Diffstat (limited to 'src')
-rw-r--r-- | src/shared/seccomp-util.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index ad5782fb29..70723e9e4e 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -443,7 +443,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .value = "arch_prctl\0" "clone\0" - "execve\0" "execveat\0" "fork\0" "kill\0" |
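Review bot: In the `.value` list of the @process set, dropping "execve\0" leaves "execveat\0" directly below it, so the set now covers one exec call and not the other, with nothing in the source explaining the asymmetry. The commit message gives the reason for execve (it is in @default, and the service is executed right after the filter is applied), but that reasoning lives only in the commit log. I would add a short comment above the list saying that execve is intentionally absent because @default carries it, so nobody re-adds it later, and state whether execveat is meant to stay. Also note the user-visible effect: a blacklist such as `~@process` no longer includes execve after this change, so if the documentation enumerates the members of @process it should be updated in the same commit.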