seccomp: add four new syscall groups

These groups should be useful shortcuts for sets of closely related syscalls where it usually makes more sense to allow them altogether or not at all.
author: Lennart Poettering <lennart@poettering.net> 2017-09-13 19:55:16 +0200
committer: Lennart Poettering <lennart@poettering.net> 2017-09-14 15:45:21 +0200
commit: cd0ddf6f754ec364c0ec69bd4bb51f566065290e (patch)
tree: 37dfbb19f317f32e389976ee74645368da36b834 /src/shared/seccomp-util.h
parent: 0963c053fa59b6fe3a40da1e05c0ca9c4c54eb46 (diff)
download: systemd-cd0ddf6f754ec364c0ec69bd4bb51f566065290e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index c1612f5894..d4ff027df8 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -44,11 +44,13 @@ enum {
         SYSCALL_FILTER_SET_BASIC_IO,
         SYSCALL_FILTER_SET_CLOCK,
         SYSCALL_FILTER_SET_CPU_EMULATION,
+        SYSCALL_FILTER_SET_CREDENTIALS,
         SYSCALL_FILTER_SET_DEBUG,
         SYSCALL_FILTER_SET_FILE_SYSTEM,
         SYSCALL_FILTER_SET_IO_EVENT,
         SYSCALL_FILTER_SET_IPC,
         SYSCALL_FILTER_SET_KEYRING,
+        SYSCALL_FILTER_SET_MEMLOCK,
         SYSCALL_FILTER_SET_MODULE,
         SYSCALL_FILTER_SET_MOUNT,
         SYSCALL_FILTER_SET_NETWORK_IO,
@@ -59,7 +61,9 @@ enum {
         SYSCALL_FILTER_SET_REBOOT,
         SYSCALL_FILTER_SET_RESOURCES,
         SYSCALL_FILTER_SET_SETUID,
+        SYSCALL_FILTER_SET_SIGNAL,
         SYSCALL_FILTER_SET_SWAP,
+        SYSCALL_FILTER_SET_TIMER,
         _SYSCALL_FILTER_SET_MAX
 };
author	Lennart Poettering <lennart@poettering.net>	2017-09-13 19:55:16 +0200
committer	Lennart Poettering <lennart@poettering.net>	2017-09-14 15:45:21 +0200
commit	cd0ddf6f754ec364c0ec69bd4bb51f566065290e (patch)
tree	37dfbb19f317f32e389976ee74645368da36b834 /src/shared/seccomp-util.h
parent	0963c053fa59b6fe3a40da1e05c0ca9c4c54eb46 (diff)
download	systemd-cd0ddf6f754ec364c0ec69bd4bb51f566065290e.tar.gz