diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-03-24 11:15:21 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-03-24 12:27:23 +0100 |
| commit | d12632a86103b5f9ff1ce61977661ad0c1e8a018 (patch) | |
| tree | c67e6822883d2d676219bf705f879de93a53677a /src/shared/seccomp-util.h | |
| parent | aadbd81f7ffbc313d0541c15455211dddeedbfde (diff) | |
| download | systemd-d12632a86103b5f9ff1ce61977661ad0c1e8a018.tar.gz | |
seccomp-util: add new @sandbox syscall group with landlock/seccomp
Let's group these 4 syscalls, as they offer similar things and I guess
might be used in conjunction quite often, as they offer unprivileged
sandboxing.
Fixes: #26913
Diffstat (limited to 'src/shared/seccomp-util.h')
| -rw-r--r-- | src/shared/seccomp-util.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index 3f1a993e11..4f5b0249ad 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -49,6 +49,7 @@ enum { SYSCALL_FILTER_SET_RAW_IO, SYSCALL_FILTER_SET_REBOOT, SYSCALL_FILTER_SET_RESOURCES, + SYSCALL_FILTER_SET_SANDBOX, SYSCALL_FILTER_SET_SETUID, SYSCALL_FILTER_SET_SIGNAL, SYSCALL_FILTER_SET_SWAP, |