seccomp: add new @setuid seccomp group

This new group lists all UID/GID credential changing syscalls (which are quite a number these days). This will become particularly useful in a later commit, which uses this group to optionally permit user credential changing to daemons in case ambient capabilities are not available.
author: Lennart Poettering <lennart@poettering.net> 2017-08-09 15:04:05 +0200
committer: Lennart Poettering <lennart@poettering.net> 2017-08-10 15:02:50 +0200
commit: 6eaaeee93a07eaa3108f99cd71d06af1adb68786 (patch)
tree: 473a13303ac09fa4d1afb783278de46dc23b66b2 /src/shared/seccomp-util.h
parent: 8f2c2f20b6383d7528ad86a26780b36f2a02e2d3 (diff)
download: systemd-6eaaeee93a07eaa3108f99cd71d06af1adb68786.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index 596539e8f5..f6b6889460 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -58,6 +58,7 @@ enum {
         SYSCALL_FILTER_SET_RAW_IO,
         SYSCALL_FILTER_SET_REBOOT,
         SYSCALL_FILTER_SET_RESOURCES,
+        SYSCALL_FILTER_SET_SETUID,
         SYSCALL_FILTER_SET_SWAP,
         _SYSCALL_FILTER_SET_MAX
 };
author	Lennart Poettering <lennart@poettering.net>	2017-08-09 15:04:05 +0200
committer	Lennart Poettering <lennart@poettering.net>	2017-08-10 15:02:50 +0200
commit	6eaaeee93a07eaa3108f99cd71d06af1adb68786 (patch)
tree	473a13303ac09fa4d1afb783278de46dc23b66b2 /src/shared/seccomp-util.h
parent	8f2c2f20b6383d7528ad86a26780b36f2a02e2d3 (diff)
download	systemd-6eaaeee93a07eaa3108f99cd71d06af1adb68786.tar.gz