diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-08 12:56:56 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-08 14:41:22 +0100 |
| commit | 9493b168717a445abb12f62c2503edd019e00ab5 (patch) | |
| tree | 796fe5a0c060633ce8ff8986b28321fb3b5694a6 /src/nspawn | |
| parent | 6ca677106992321326427c89a40e1c9673a499b2 (diff) | |
| download | systemd-9493b168717a445abb12f62c2503edd019e00ab5.tar.gz systemd-9493b168717a445abb12f62c2503edd019e00ab5.tar.bz2 systemd-9493b168717a445abb12f62c2503edd019e00ab5.zip | |
Add @pkey syscall group
Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1769299.
This change doesn't solve the issue, but makes it easier to whitelist the
syscall group.
Diffstat (limited to 'src/nspawn')
| -rw-r--r-- | src/nspawn/nspawn-seccomp.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c index 9222f2bc84..0b39cda9ba 100644 --- a/src/nspawn/nspawn-seccomp.c +++ b/src/nspawn/nspawn-seccomp.c @@ -123,6 +123,7 @@ static int seccomp_add_default_syscall_filter( * @cpu-emulation * @keyring (NB: keyring is not namespaced!) * @obsolete + * @pkey * @swap * * bpf (NB: bpffs is not namespaced!) @@ -134,9 +135,6 @@ static int seccomp_add_default_syscall_filter( * nfsservctl * open_by_handle_at * perf_event_open - * pkey_alloc - * pkey_free - * pkey_mprotect * quotactl */ }; |