seccomp: include prlimit64 and ugetrlimit in @default

Also, move prlimit64() out of @resources.

prlimit64() may be used both for getting and setting resource limits, and
is implicitly called by glibc at various places, on some archs, the same
was as getrlimit(). SImilar, igetrlimit() is an arch-specific
replacement for getrlimit(), and hence should be whitelisted at the same
place as getrlimit() and prlimit64().

Also see: https://lists.freedesktop.org/archives/systemd-devel/2017-September/039543.html

1 files changed, 0 insertions, 1 deletions

diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 196766dc98..92d8103ad5 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -136,7 +136,6 @@ static int seccomp_add_default_syscall_filter(
                 { 0,                  "syncfs"                 },
                 { 0,                  "sysinfo"                },
                 { 0,                  "tee"                    },
-                { 0,                  "ugetrlimit"             },
                 { 0,                  "umask"                  },
                 { 0,                  "uname"                  },
                 { 0,                  "userfaultfd"            },