summaryrefslogtreecommitdiff
path: root/units/systemd-machined.service.in
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-06-10 17:43:38 +0200
committerLennart Poettering <lennart@poettering.net>2016-06-13 16:25:54 +0200
commit1f9ac68b5bc671f1f8b0a32084810d39394208a6 (patch)
tree265be3fb33a2d24bb17008a866aa2032d7460f88 /units/systemd-machined.service.in
parent50b52222f2d54a3c4d81e0e5987a0400cbcefb53 (diff)
core: improve seccomp syscall grouping a bit
This adds three new seccomp syscall groups: @keyring for kernel keyring access, @cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and suchlike, and @debug for ptrace() and related calls. Also, the @clock group is updated with more syscalls that alter the system clock. capset() is added to @privileged, and pciconfig_iobase() is added to @raw-io. Finally, @obsolete is a cleaned up. A number of syscalls that never existed on Linux and have no number assigned on any architecture are removed, as they only exist in the man pages and other operating sytems, but not in code at all. create_module() is moved from @module to @obsolete, as it is an obsolete system call. mem_getpolicy() is removed from the @obsolete list, as it is not obsolete, but simply a NUMA API.
Diffstat (limited to 'units/systemd-machined.service.in')
0 files changed, 0 insertions, 0 deletions