seccomp: explain why we use setuid rather than @setuid in @privileged

author: Lennart Poettering <lennart@poettering.net> 2018-04-18 21:45:44 +0200
committer: Lennart Poettering <lennart@poettering.net> 2018-06-14 17:44:20 +0200
commit: e05ee49b144110b1ecff030cdadc439604152f16 (patch)
tree: 8b5ce33361aad92f4296c1fc790499203c32b832 /src/shared/seccomp-util.c
parent: 705268414f6ba6aa96c56d6c39b5ebf74426e847 (diff)
download: systemd-e05ee49b144110b1ecff030cdadc439604152f16.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 4a02d8c35f..c433cb90dc 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -632,7 +632,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setresuid32\0"
                 "setreuid\0"
                 "setreuid32\0"
-                "setuid\0"
+                "setuid\0"      /* We list the explicit system calls here, as @setuid also includes setgid() which is not necessarily privileged */
                 "setuid32\0"
                 "vhangup\0"
         },
author	Lennart Poettering <lennart@poettering.net>	2018-04-18 21:45:44 +0200
committer	Lennart Poettering <lennart@poettering.net>	2018-06-14 17:44:20 +0200
commit	e05ee49b144110b1ecff030cdadc439604152f16 (patch)
tree	8b5ce33361aad92f4296c1fc790499203c32b832 /src/shared/seccomp-util.c
parent	705268414f6ba6aa96c56d6c39b5ebf74426e847 (diff)
download	systemd-e05ee49b144110b1ecff030cdadc439604152f16.tar.gz