From 0963c053fa59b6fe3a40da1e05c0ca9c4c54eb46 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 13 Sep 2017 19:44:11 +0200
Subject: [PATCH] seccomp: augment the @resources group a bit

Given that sched_setattr/sched_setparam/sched_setscheduler are already in the group the closely related nice + ioprio_set should also be included. Also, order things alphabetically.
---
 src/shared/seccomp-util.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index d96b449082..f4f4eb36d3 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -658,17 +658,19 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
 .name = "@resources",
 .help = "Alter resource settings",
 .value =
- "sched_setparam\0"
- "sched_setscheduler\0"
- "sched_setaffinity\0"
- "setpriority\0"
- "setrlimit\0"
- "set_mempolicy\0"
+ "ioprio_set\0"
+ "mbind\0"
 "migrate_pages\0"
 "move_pages\0"
- "mbind\0"
- "sched_setattr\0"
+ "nice\0"
 "prlimit64\0"
+ "sched_setaffinity\0"
+ "sched_setattr\0"
+ "sched_setparam\0"
+ "sched_setscheduler\0"
+ "set_mempolicy\0"
+ "setpriority\0"
+ "setrlimit\0"
 },
 [SYSCALL_FILTER_SET_SETUID] = {
 .name = "@setuid",
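Review bot: Adding `nice` and `ioprio_set` to the `.value` list silently changes every existing filter that names `@resources`: an allow-list now permits two more syscalls and a deny-list now rejects them, and nothing in this hunk records that for unit authors. `nice` is also not a distinct syscall on every architecture, so this entry presumably relies on the code that expands the set tolerating a name the local ABI lacks; that code is outside the hunk and should be confirmed. Since the ordering is now deliberate, a comment above the list such as `/* NUL-separated syscall names, kept in alphabetical order */` would keep later additions from being appended at the end. The `syscall_filter_sets` initializer starts and ends outside the hunk.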