seccomp-util: move @default to the first position
Now that the list is user-visible, @default should be first.
parent
869feb3388
commit
40eb6a8014
|
@ -217,6 +217,24 @@ bool is_seccomp_available(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||||
|
[SYSCALL_FILTER_SET_DEFAULT] = {
|
||||||
|
/* Default list: the most basic of operations */
|
||||||
|
.name = "@default",
|
||||||
|
.value =
|
||||||
|
"clock_getres\0"
|
||||||
|
"clock_gettime\0"
|
||||||
|
"clock_nanosleep\0"
|
||||||
|
"execve\0"
|
||||||
|
"exit\0"
|
||||||
|
"exit_group\0"
|
||||||
|
"getrlimit\0" /* make sure processes can query stack size and such */
|
||||||
|
"gettimeofday\0"
|
||||||
|
"nanosleep\0"
|
||||||
|
"pause\0"
|
||||||
|
"rt_sigreturn\0"
|
||||||
|
"sigreturn\0"
|
||||||
|
"time\0"
|
||||||
|
},
|
||||||
[SYSCALL_FILTER_SET_BASIC_IO] = {
|
[SYSCALL_FILTER_SET_BASIC_IO] = {
|
||||||
/* Basic IO */
|
/* Basic IO */
|
||||||
.name = "@basic-io",
|
.name = "@basic-io",
|
||||||
|
@ -270,24 +288,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
||||||
#endif
|
#endif
|
||||||
"sys_debug_setcontext\0"
|
"sys_debug_setcontext\0"
|
||||||
},
|
},
|
||||||
[SYSCALL_FILTER_SET_DEFAULT] = {
|
|
||||||
/* Default list: the most basic of operations */
|
|
||||||
.name = "@default",
|
|
||||||
.value =
|
|
||||||
"clock_getres\0"
|
|
||||||
"clock_gettime\0"
|
|
||||||
"clock_nanosleep\0"
|
|
||||||
"execve\0"
|
|
||||||
"exit\0"
|
|
||||||
"exit_group\0"
|
|
||||||
"getrlimit\0" /* make sure processes can query stack size and such */
|
|
||||||
"gettimeofday\0"
|
|
||||||
"nanosleep\0"
|
|
||||||
"pause\0"
|
|
||||||
"rt_sigreturn\0"
|
|
||||||
"sigreturn\0"
|
|
||||||
"time\0"
|
|
||||||
},
|
|
||||||
[SYSCALL_FILTER_SET_IO_EVENT] = {
|
[SYSCALL_FILTER_SET_IO_EVENT] = {
|
||||||
/* Event loop use */
|
/* Event loop use */
|
||||||
.name = "@io-event",
|
.name = "@io-event",
|
||||||
|
|
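Review bot: The comment on the moved `[SYSCALL_FILTER_SET_DEFAULT]` entry, `/* Default list: the most basic of operations */`, does not say what membership in `@default` means for a filter, even though the commit message says the list is now user-visible. Only `getrlimit` carries a reason; `execve` sits in the same list with none, and it is the entry someone auditing a syscall allow-list will want justified. I would expand the header comment to state how the set is applied (presumably it is implicitly permitted when a whitelist is in use, but the callers are outside this page, so confirm first) and add a short why-comment next to `execve` in the style of the `getrlimit` one. The table uses designated initializers, so the position of the entry in the source is cosmetic and the index is decided by the enum alone.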
|
@ -38,11 +38,12 @@ typedef struct SyscallFilterSet {
|
||||||
} SyscallFilterSet;
|
} SyscallFilterSet;
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
|
/* Please leave DEFAULT first, but sort the rest alphabetically */
|
||||||
|
SYSCALL_FILTER_SET_DEFAULT,
|
||||||
SYSCALL_FILTER_SET_BASIC_IO,
|
SYSCALL_FILTER_SET_BASIC_IO,
|
||||||
SYSCALL_FILTER_SET_CLOCK,
|
SYSCALL_FILTER_SET_CLOCK,
|
||||||
SYSCALL_FILTER_SET_CPU_EMULATION,
|
SYSCALL_FILTER_SET_CPU_EMULATION,
|
||||||
SYSCALL_FILTER_SET_DEBUG,
|
SYSCALL_FILTER_SET_DEBUG,
|
||||||
SYSCALL_FILTER_SET_DEFAULT,
|
|
||||||
SYSCALL_FILTER_SET_IO_EVENT,
|
SYSCALL_FILTER_SET_IO_EVENT,
|
||||||
SYSCALL_FILTER_SET_IPC,
|
SYSCALL_FILTER_SET_IPC,
|
||||||
SYSCALL_FILTER_SET_KEYRING,
|
SYSCALL_FILTER_SET_KEYRING,
|
||||||
|
|
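Review bot: The new ordering rule in the enum is carried only by the comment `/* Please leave DEFAULT first, but sort the rest alphabetically */`, so a later insertion above `SYSCALL_FILTER_SET_DEFAULT` would compile silently. If anything depends on `@default` being index 0 (the commit message suggests the order shown to users does), a compile-time check after the enum such as `_Static_assert(SYSCALL_FILTER_SET_DEFAULT == 0, "@default must stay first");` would pin it. The reorder also renumbers `SYSCALL_FILTER_SET_BASIC_IO` through `SYSCALL_FILTER_SET_DEBUG`, which is harmless only if these values are never stored or exchanged outside a single build; that cannot be confirmed from this page. The enum continues past the end of the hunk.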