Merge pull request #26960 from poettering/syscall-catchup

syscall filter group updates
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-03-25 13:39:27 +0900
committer: GitHub <noreply@github.com> 2023-03-25 13:39:27 +0900
commit: 363ed187309ddc5712a7f1a4959c346fc9659621 (patch)
tree: 27de5a2bc10591d5093e5308fea34b97e1f1e110 /man
parent: b5a70eeecdb593f8498c0bc163d5a12297cfb55d (diff)
parent: f452e0461fca01d92b8e367b6ad22459a2c641ff (diff)
download: systemd-363ed187309ddc5712a7f1a4959c346fc9659621.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 4001123a96..17be33c56a 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2351,6 +2351,10 @@ RestrictNamespaces=~cgroup net</programlisting>
                 <entry>Unusual, obsolete or unimplemented (<citerefentry project='man-pages'><refentrytitle>create_module</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>gtty</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
               </row>
               <row>
+                <entry>@pkey</entry>
+                <entry>System calls that deal with memory protection keys (<citerefentry project='man-pages'><refentrytitle>pkeys</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
+              </row>
+              <row>
                 <entry>@privileged</entry>
                 <entry>All system calls which need super-user capabilities (<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
               </row>
@@ -2371,6 +2375,10 @@ RestrictNamespaces=~cgroup net</programlisting>
                 <entry>System calls for changing resource limits, memory and scheduling parameters (<citerefentry project='man-pages'><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
               </row>
               <row>
+                <entry>@sandbox</entry>
+                <entry>System calls for sandboxing programs (<citerefentry project='man-pages'><refentrytitle>seccomp</refentrytitle><manvolnum>2</manvolnum></citerefentry>, Landlock system calls, …)</entry>
+              </row>
+              <row>
                 <entry>@setuid</entry>
                 <entry>System calls for changing user ID and group ID credentials, (<citerefentry project='man-pages'><refentrytitle>setuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setgid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>setresuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, …)</entry>
               </row>
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-03-25 13:39:27 +0900
committer	GitHub <noreply@github.com>	2023-03-25 13:39:27 +0900
commit	363ed187309ddc5712a7f1a4959c346fc9659621 (patch)
tree	27de5a2bc10591d5093e5308fea34b97e1f1e110 /man
parent	b5a70eeecdb593f8498c0bc163d5a12297cfb55d (diff)
parent	f452e0461fca01d92b8e367b6ad22459a2c641ff (diff)
download	systemd-363ed187309ddc5712a7f1a4959c346fc9659621.tar.gz