seccomp-util: add cacheflush() syscall to @default syscall set
This is like membarrier() I guess and basically just exposes CPU functionality via kernel syscall on some archs. Let's whitelist it for everyone. Fixes: #17197
This commit is contained in:
parent
4796a4fba9
commit
8e24b1d23f
|
@ -272,6 +272,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
|
|||
.name = "@default",
|
||||
.help = "System calls that are always permitted",
|
||||
.value =
|
||||
"cacheflush\0"
|
||||
"clock_getres\0"
|
||||
"clock_getres_time64\0"
|
||||
"clock_gettime\0"
|
||||
|
|
Loading…
Reference in New Issue