path: root/src/shared/seccomp-util.h
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2018-09-24 | seccomp: reduce logging about failure to add syscall to seccomp | Zbigniew Jędrzejewski-Szmek | 1 | -3/+3 |
| 2018-06-14 | seccomp: add new system call filter, suitable as default whitelist for system... | Lennart Poettering | 1 | -0/+1 |
| 2018-06-14 | tree-wide: remove Lennart's copyright lines | Lennart Poettering | 1 | -4/+0 |
| 2018-06-14 | tree-wide: drop 'This file is part of systemd' blurb | Lennart Poettering | 1 | -2/+0 |
| 2018-06-12 | tree-wide: unify how we define bit mask enums | Lennart Poettering | 1 | -4/+4 |
| 2018-04-06 | tree-wide: drop license boilerplate | Zbigniew Jędrzejewski-Szmek | 1 | -13/+0 |
| 2018-02-27 | seccomp: rework functions for parsing system call filters | Lennart Poettering | 1 | -16/+13 |
| 2017-12-23 | core,seccomp: fix logic to parse syscall filter in dbus-execute.c | Yu Watanabe | 1 | -0/+18 |
| 2017-11-19 | Add SPDX license identifiers to source files under the LGPL | Zbigniew Jędrzejewski-Szmek | 1 | -0/+1 |
| 2017-11-11 | core: add support to specify errno in SystemCallFilter= | Yu Watanabe | 1 | -2/+2 |
| 2017-10-05 | seccomp: add three more seccomp groups | Lennart Poettering | 1 | -0/+3 |
| 2017-10-03 | seccomp: remove '@credentials' syscall set (#6958) | Djalal Harouni | 1 | -1/+0 |
| 2017-09-14 | seccomp: add four new syscall groups | Lennart Poettering | 1 | -0/+4 |
| 2017-09-12 | nspawn: implement configurable syscall whitelisting/blacklisting | Lennart Poettering | 1 | -1/+1 |
| 2017-09-11 | seccomp: split out inner loop code of seccomp_add_syscall_filter_set() | Lennart Poettering | 1 | -0/+2 |
| 2017-08-29 | seccomp: LockPersonality boolean (#6193) | Topi Miettinen | 1 | -0/+1 |
| 2017-08-10 | core: add two new special ExecStart= character prefixes | Lennart Poettering | 1 | -0/+2 |
| 2017-08-10 | seccomp: add new @setuid seccomp group | Lennart Poettering | 1 | -0/+1 |
| 2017-08-07 | seccomp-util: add parse_syscall_archs() | Yu Watanabe | 1 | -0/+2 |
| 2017-05-10 | seccomp: enable RestrictAddressFamilies on ppc64, autodetect SECCOMP_RESTRICT... | Zbigniew Jędrzejewski-Szmek | 1 | -8/+0 |
| 2017-05-07 | seccomp: assume clone() arg order is known on all architectures | Zbigniew Jędrzejewski-Szmek | 1 | -7/+0 |
| 2017-05-07 | seccomp: drop SECCOMP_MEMORY_DENY_WRITE_EXECUTE_BROKEN, add test for shmat | Zbigniew Jędrzejewski-Szmek | 1 | -7/+0 |
| 2017-05-03 | seccomp: add clone syscall definitions for mips (#5880) | James Cowgill | 1 | -1/+1 |
| 2017-02-14 | Define clone order on ppc (#5325) | Zbigniew Jędrzejewski-Szmek | 1 | -1/+1 |
| 2017-02-08 | seccomp: on s390 the clone() parameters are reversed | Lennart Poettering | 1 | -0/+7 |
| 2017-02-08 | seccomp: MemoryDenyWriteExecute= should affect both mmap() and mmap2() (#5254) | Lennart Poettering | 1 | -0/+7 |
| 2017-02-06 | seccomp: RestrictAddressFamilies= is not supported on i386/s390/s390x, make i... | Lennart Poettering | 1 | -0/+8 |
| 2017-01-17 | seccomp: rework seccomp code, to improve compat with some archs | Lennart Poettering | 1 | -6/+19 |
| 2016-12-27 | seccomp: add two new filter sets: @reboot and @swap | Lennart Poettering | 1 | -0/+2 |
| 2016-11-21 | seccomp: add @filesystem syscall group (#4537) | Lennart Poettering | 1 | -0/+1 |
| 2016-11-04 | core: add new RestrictNamespaces= unit file setting | Lennart Poettering | 1 | -0/+2 |
| 2016-11-03 | seccomp-util, analyze: export comments as a help string | Zbigniew Jędrzejewski-Szmek | 1 | -0/+1 |
| 2016-11-03 | seccomp-util: move @default to the first position | Zbigniew Jędrzejewski-Szmek | 1 | -1/+2 |
| 2016-11-02 | seccomp: add two new syscall groups | Lennart Poettering | 1 | -0/+2 |
| 2016-10-24 | seccomp: add test-seccomp test tool | Lennart Poettering | 1 | -0/+1 |
| 2016-10-24 | seccomp: add new helper call seccomp_load_filter_set() | Lennart Poettering | 1 | -0/+2 |
| 2016-10-24 | seccomp: add new seccomp_init_conservative() helper | Lennart Poettering | 1 | -1/+3 |
| 2016-10-24 | core: rework syscall filter set handling | Lennart Poettering | 1 | -5/+27 |
| 2016-08-22 | core: do not fail at step SECCOMP if there is no kernel support (#4004) | Felipe Sateler | 1 | -0/+2 |
| 2016-06-01 | core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157) | Topi Miettinen | 1 | -0/+7 |
| 2016-02-10 | tree-wide: remove Emacs lines from all files | Daniel Mack | 1 | -2/+0 |
| 2015-12-06 | shared: include what we use | Thomas Hindoe Paaboel Andersen | 1 | -0/+1 |
| 2014-12-12 | seccomp-util.h: make sure seccomp-util.h can be included alone | Lennart Poettering | 1 | -0/+1 |
| 2014-02-18 | seccomp: add helper call to add all secondary archs to a seccomp filter | Lennart Poettering | 1 | -0/+2 |
| 2014-02-13 | core: add SystemCallArchitectures= unit setting to allow disabling of non-native | Lennart Poettering | 1 | -0/+26 |