Diffstat (limited to 'src')
-rw-r--r--src/shared/seccomp-util.c36
-rw-r--r--src/shared/seccomp-util.h3
2 files changed, 20 insertions, 19 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index c9b24f1065..325dcc866e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -217,6 +217,24 @@ bool is_seccomp_available(void) {
}
const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+ [SYSCALL_FILTER_SET_DEFAULT] = {
+ /* Default list: the most basic of operations */
+ .name = "@default",
+ .value =
+ "clock_getres\0"
+ "clock_gettime\0"
+ "clock_nanosleep\0"
+ "execve\0"
+ "exit\0"
+ "exit_group\0"
+ "getrlimit\0" /* make sure processes can query stack size and such */
+ "gettimeofday\0"
+ "nanosleep\0"
+ "pause\0"
+ "rt_sigreturn\0"
+ "sigreturn\0"
+ "time\0"
+ },
[SYSCALL_FILTER_SET_BASIC_IO] = {
/* Basic IO */
.name = "@basic-io",
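Review bot: The ordering rule this commit introduces is written down only in the header enum (`/* Please leave DEFAULT first, but sort the rest alphabetically */`), while the table in seccomp-util.c, where a new filter set also has to be added, carries no such comment. I would repeat it above the `[SYSCALL_FILTER_SET_DEFAULT]` entry, e.g. `/* Keep @default first, the rest sorted alphabetically; same order as the enum in seccomp-util.h */`. Because the entries use designated initializers, the order within this table looks cosmetic. If anything does depend on DEFAULT having index 0, both comments should say so, since the enum change in seccomp-util.h shifts the numeric value of DEFAULT and of the four sets that used to precede it. The `syscall_filter_sets` initializer begins and ends outside this hunk.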
@@ -270,24 +288,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
#endif
"sys_debug_setcontext\0"
},
- [SYSCALL_FILTER_SET_DEFAULT] = {
- /* Default list: the most basic of operations */
- .name = "@default",
- .value =
- "clock_getres\0"
- "clock_gettime\0"
- "clock_nanosleep\0"
- "execve\0"
- "exit\0"
- "exit_group\0"
- "getrlimit\0" /* make sure processes can query stack size and such */
- "gettimeofday\0"
- "nanosleep\0"
- "pause\0"
- "rt_sigreturn\0"
- "sigreturn\0"
- "time\0"
- },
[SYSCALL_FILTER_SET_IO_EVENT] = {
/* Event loop use */
.name = "@io-event",
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 8e209efef2..ce7417b0ba 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -38,11 +38,12 @@ typedef struct SyscallFilterSet {
} SyscallFilterSet;
enum {
+ /* Please leave DEFAULT first, but sort the rest alphabetically */
+ SYSCALL_FILTER_SET_DEFAULT,
SYSCALL_FILTER_SET_BASIC_IO,
SYSCALL_FILTER_SET_CLOCK,
SYSCALL_FILTER_SET_CPU_EMULATION,
SYSCALL_FILTER_SET_DEBUG,
- SYSCALL_FILTER_SET_DEFAULT,
SYSCALL_FILTER_SET_IO_EVENT,
SYSCALL_FILTER_SET_IPC,
SYSCALL_FILTER_SET_KEYRING,