shared: Add ProtectKernelLogs property

Add seccomp_protect_syslog, which adds a filter rule for the syslog system call.
author: Kevin Kuehler <keur@xcf.berkeley.edu> 2019-11-04 17:17:01 -0800
committer: Kevin Kuehler <keur@xcf.berkeley.edu> 2019-11-11 12:11:56 -0800
commit: 620dbdd2489515696d53b90c061208b43b65aafa (patch)
tree: 28650bd0736aa32e908244b31fc4f60ef6a85928 /src/shared/seccomp-util.h
parent: a602d93e4408ebff61729dbf7d06d42874e99574 (diff)
download: systemd-620dbdd2489515696d53b90c061208b43b65aafa.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index b29082a488..0b48e74a87 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -82,6 +82,7 @@ int seccomp_parse_syscall_filter(
 int seccomp_restrict_archs(Set *archs);
 int seccomp_restrict_namespaces(unsigned long retain);
 int seccomp_protect_sysctl(void);
+int seccomp_protect_syslog(void);
 int seccomp_restrict_address_families(Set *address_families, bool whitelist);
 int seccomp_restrict_realtime(void);
 int seccomp_memory_deny_write_execute(void);
author	Kevin Kuehler <keur@xcf.berkeley.edu>	2019-11-04 17:17:01 -0800
committer	Kevin Kuehler <keur@xcf.berkeley.edu>	2019-11-11 12:11:56 -0800
commit	620dbdd2489515696d53b90c061208b43b65aafa (patch)
tree	28650bd0736aa32e908244b31fc4f60ef6a85928 /src/shared/seccomp-util.h
parent	a602d93e4408ebff61729dbf7d06d42874e99574 (diff)
download	systemd-620dbdd2489515696d53b90c061208b43b65aafa.tar.gz