author    Yu Watanabe <watanabe.yu+github@gmail.com>  2017-11-11 21:35:49 +0900
committer Yu Watanabe <watanabe.yu+github@gmail.com>  2017-11-11 21:54:12 +0900
commit    8cfa775f4f116c5f56a140da268ea7b6072534e6 (patch)
tree      7f88d52404e713e03c872c49a7c908fbbec479b3 /man/systemd.exec.xml
parent    473d2ec39cc9f43c7918c4587c8984ec9235455f (diff)
core: add support to specify errno in SystemCallFilter=
This makes each system call in the SystemCallFilter= blacklist optionally take an errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
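A drop-in that uses the syntax this commit documents, showing how a per-call errno suffix interacts with the SystemCallErrorNumber= fallback. This is an added example, not part of the commit or of systemd's own documentation; it assumes a systemd build that includes this commit, the unit name is a placeholder, and the choice of the @clock and @mount groups and the ptrace call is illustrative only.

```ini
# /etc/systemd/system/example.service.d/seccomp.conf  (placeholder unit name; added example)
[Service]
# Fallback errno for blacklisted calls that carry no ":errno" suffix. Without
# this line, such calls terminate the process with SIGSYS instead.
SystemCallErrorNumber=EPERM

# "~" selects blacklist mode. @clock has no suffix, so it uses the EPERM
# fallback above. @mount overrides the fallback with EACCES via its suffix.
# The numeric form is also accepted: ptrace:1 returns errno 1 (EPERM on Linux).
SystemCallFilter=~@clock @mount:EACCES ptrace:1
```

Returning an errno lets the process continue past the denied call, whereas the SIGSYS default stops it outright; reserve suffixes for calls the program is known to handle failing, and omit the SystemCallErrorNumber= line where the fail-closed kill is the behaviour you want.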
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--  man/systemd.exec.xml  7
1 files changed, 6 insertions, 1 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 6843c208ca..0aaccb9298 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1438,7 +1438,12 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
executed by the unit processes except for the listed ones will result in immediate process termination with the
<constant>SIGSYS</constant> signal (whitelisting). If the first character of the list is <literal>~</literal>,
the effect is inverted: only the listed system calls will result in immediate process termination
- (blacklisting). If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
+ (blacklisting). Blacklisted system calls and system call groups may optionally be suffixed with a colon
+ (<literal>:</literal>) and <literal>errno</literal> error number (between 0 and 4095) or errno name such as
+ <constant>EPERM</constant>, <constant>EACCES</constant> or <constant>EUCLEAN</constant>. This value will be
+ returned when a blacklisted system call is triggered, instead of terminating the processes immediately.
+ This value takes precedence over the one given in <varname>SystemCallErrorNumber=</varname>.
+ If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
capability (e.g. setting <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is
implied. This feature makes use of the Secure Computing Mode 2 interfaces of the kernel ('seccomp filtering')
and is useful for enforcing a minimal sandboxing environment. Note that the <function>execve</function>,
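Review bot: the added sentences define the ":errno" suffix only for blacklisted entries ("Blacklisted system calls and system call groups may optionally be suffixed"), but leave unstated what happens when a suffix is written in whitelisting mode (the list without "~"): whether it is rejected at parse time or silently ignored. Please add a sentence either way, since an operator who writes the suffix in a whitelist may expect the call to fail with that errno rather than be allowed. Related: "between 0 and 4095" admits errno 0, which would make a filtered call return success without executing; if that is intended, say so, otherwise the documented lower bound should be 1. Style: "and <literal>errno</literal> error number" reads better as "an <literal>errno</literal> error number". A short <programlisting> example of the new syntax, like the CapabilityBoundingSet= one that ends at the top of this hunk, would also help.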