diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-03-25 13:39:27 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-25 13:39:27 +0900 |
commit | 363ed187309ddc5712a7f1a4959c346fc9659621 (patch) | |
tree | 27de5a2bc10591d5093e5308fea34b97e1f1e110 /man | |
parent | b5a70eeecdb593f8498c0bc163d5a12297cfb55d (diff) | |
parent | f452e0461fca01d92b8e367b6ad22459a2c641ff (diff) | |
download | systemd-363ed187309ddc5712a7f1a4959c346fc9659621.tar.gz |
Merge pull request #26960 from poettering/syscall-catchup
syscall filter group updates
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd.exec.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 4001123a96..17be33c56a 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2351,6 +2351,10 @@ RestrictNamespaces=~cgroup net</programlisting> <entry>Unusual, obsolete or unimplemented (<citerefentry project='man-pages'><refentrytitle>create_module</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>gtty</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry> </row> <row> + <entry>@pkey</entry> + <entry>System calls that deal with memory protection keys (<citerefentry project='man-pages'><refentrytitle>pkeys</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> + </row> + <row> <entry>@privileged</entry> <entry>All system calls which need super-user capabilities (<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> </row> @@ -2371,6 +2375,10 @@ RestrictNamespaces=~cgroup net</programlisting> <entry>System calls for changing resource limits, memory and scheduling parameters (<citerefentry project='man-pages'><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry> </row> <row> + <entry>@sandbox</entry> + <entry>System calls for sandboxing programs (<citerefentry project='man-pages'><refentrytitle>seccomp</refentrytitle><manvolnum>2</manvolnum></citerefentry>, Landlock system calls, …)</entry> + </row> + <row> <entry>@setuid</entry> <entry>System calls for changing user ID and group ID credentials, (<citerefentry project='man-pages'><refentrytitle>setuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setgid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setresuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry> </row> |