summaryrefslogtreecommitdiff
path: root/src/shared/seccomp-util.c
Commit message (Expand)AuthorAgeFilesLines
* seccomp: reduce logging about failure to add syscall to seccompZbigniew Jędrzejewski-Szmek2019-05-021-26/+31
* seccomp: explain why we use setuid rather than @setuid in @privilegedLennart Poettering2018-06-141-1/+1
* seccomp: add new system call filter, suitable as default whitelist for system...Lennart Poettering2018-06-141-0/+69
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
* nsflsgs: drop namespace_flag_{from,to}_string()Yu Watanabe2018-05-051-1/+1
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
* tree-wide: use TAKE_PTR() and TAKE_FD() macrosYu Watanabe2018-04-051-2/+1
* Partially revert "seccomp: add mmap and address family restrictions for MIPS"...James Cowgill2018-03-231-10/+4
* seccomp: add mmap and address family restrictions for MIPS (#8547)James Cowgill2018-03-221-4/+16
* seccomp: enable RestrictAddressFamilies on ppc (#8505)Mathieu Malaterre2018-03-201-1/+1
* seccomp: rework functions for parsing system call filtersLennart Poettering2018-02-271-15/+19
* seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)Alan Jenkins2018-02-021-4/+22
* seccomp-util: fix alarming debug message (#8002, #8001)Alan Jenkins2018-01-311-1/+1
* Merge pull request #7695 from yuwata/transient-socketLennart Poettering2017-12-231-0/+59
|\
| * core,seccomp: fix logic to parse syscall filter in dbus-execute.cYu Watanabe2017-12-231-0/+59
* | shared/seccomp: add mmap handling for powerpcMathieu Malaterre2017-12-221-1/+2
|/
* tree-wide: add DEBUG_LOGGING macro that checks whether debug logging is on (#...Lennart Poettering2017-12-151-1/+1
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
* shared/seccomp: skip pkey_mprotect protections if the syscall is unknownZbigniew Jędrzejewski-Szmek2017-11-131-0/+2
* shared/seccomp: disallow pkey_mprotect the same as mprotect for W^X mappings ...Zbigniew Jędrzejewski-Szmek2017-11-121-0/+6
* seccomp: include ARM set_tls in @default (#7297)Lennart Poettering2017-11-121-0/+1
* core: add support to specify errno in SystemCallFilter=Yu Watanabe2017-11-111-8/+14
* Fix typo in statx macro (#7180)Antonio Rojas2017-11-101-1/+1
* seccomp: port @privileged to use @reboot + @swapLennart Poettering2017-10-051-5/+2
* seccomp: there is no "kexec" syscallLennart Poettering2017-10-051-1/+1
* seccomp: add three more seccomp groupsLennart Poettering2017-10-051-7/+36
* seccomp: remove 'gettid' syscall from '@process' syscall set (#6989)Djalal Harouni2017-10-051-1/+0
* seccomp: ignore (and debug log) errors by all invocations of seccomp_rule_add...Lennart Poettering2017-10-051-2/+4
* seccomp: always handle seccomp_load() failing the same wayLennart Poettering2017-10-051-3/+7
* seccomp: react gracefully if we can't translate a syscall nameLennart Poettering2017-10-051-5/+6
* seccomp: include prlimit64 and ugetrlimit in @defaultLennart Poettering2017-10-051-1/+2
* seccomp: add sched_yield syscall to the @default syscall setDjalal Harouni2017-10-041-0/+1
* seccomp: remove '@credentials' syscall set (#6958)Djalal Harouni2017-10-031-28/+21
* seccomp: improve debug loggingLennart Poettering2017-09-141-2/+6
* seccomp: add four new syscall groupsLennart Poettering2017-09-141-0/+71
* seccomp: augment the @resources group a bitLennart Poettering2017-09-141-7/+9
* seccomp: beef up @process group a bitLennart Poettering2017-09-141-0/+10
* seccomp: "idle" is another obsolete syscallLennart Poettering2017-09-141-0/+1
* seccomp: order the syscalls in more groups alphabeticallyLennart Poettering2017-09-141-21/+21
* seccomp: let's update @file-system a bitLennart Poettering2017-09-141-10/+19
* seccomp: let's update base-io a bitLennart Poettering2017-09-141-1/+2
* seccomp: update "@default" seccomp group a bitLennart Poettering2017-09-141-0/+8
* nspawn: implement configurable syscall whitelisting/blacklistingLennart Poettering2017-09-121-6/+10
* seccomp: split out inner loop code of seccomp_add_syscall_filter_set()Lennart Poettering2017-09-111-22/+37
* seccomp: drop default_action parameter from seccomp_add_syscall_filter_set()Lennart Poettering2017-09-111-3/+2
* shared: add statx(2) to @file-system syscall filter list (#6738)Lennart Poettering2017-09-041-0/+1
* seccomp: rework seccomp_lock_personality() to apply filter to all archsLennart Poettering2017-08-291-11/+26
* seccomp: LockPersonality boolean (#6193)Topi Miettinen2017-08-291-0/+19
* core: add two new special ExecStart= character prefixesLennart Poettering2017-08-101-0/+38
View Lorry Controller Status