diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-06-10 17:43:38 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-06-13 16:25:54 +0200 |
commit | 1f9ac68b5bc671f1f8b0a32084810d39394208a6 (patch) | |
tree | 265be3fb33a2d24bb17008a866aa2032d7460f88 /units/systemd-machined.service.in | |
parent | 50b52222f2d54a3c4d81e0e5987a0400cbcefb53 (diff) |
core: improve seccomp syscall grouping a bit
This adds three new seccomp syscall groups: @keyring for kernel keyring access,
@cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and
suchlike, and @debug for ptrace() and related calls.
Also, the @clock group is updated with more syscalls that alter the system
clock. capset() is added to @privileged, and pciconfig_iobase() is added to
@raw-io.
Finally, @obsolete is a cleaned up. A number of syscalls that never existed on
Linux and have no number assigned on any architecture are removed, as they only
exist in the man pages and other operating sytems, but not in code at all.
create_module() is moved from @module to @obsolete, as it is an obsolete system
call. mem_getpolicy() is removed from the @obsolete list, as it is not
obsolete, but simply a NUMA API.
Diffstat (limited to 'units/systemd-machined.service.in')
0 files changed, 0 insertions, 0 deletions