shared/seccomp: add note about clone2() being unimportant

In case anyone else starts wondering whether it should be listed as I did…
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2022-04-19 11:56:23 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2022-04-19 11:56:23 +0200
commit: c5503601e21d7eea67f07417a680237db238d50c (patch)
tree: cb88015c07c42eb262c357745b9d4072753c7085 /src/shared/seccomp-util.c
parent: hwdb: 60-keyboard: Add Acer Aspire One AO532h keymappings (diff)
download: systemd-c5503601e21d7eea67f07417a680237db238d50c.tar.xz
systemd-c5503601e21d7eea67f07417a680237db238d50c.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index c465bf58dd..50ad6bc244 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -718,6 +718,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .value =
                 "capget\0"      /* Able to query arbitrary processes */
                 "clone\0"
+                /* ia64 as the only architecture has clone2, a replacement for clone, but ia64 doesn't
+                 * implement seccomp, so we don't need to list it at all. C.f.
+                 * acce2f71779c54086962fefce3833d886c655f62 in the kernel. */
                 "clone3\0"
                 "execveat\0"
                 "fork\0"
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2022-04-19 11:56:23 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2022-04-19 11:56:23 +0200
commit	c5503601e21d7eea67f07417a680237db238d50c (patch)
tree	cb88015c07c42eb262c357745b9d4072753c7085 /src/shared/seccomp-util.c
parent	hwdb: 60-keyboard: Add Acer Aspire One AO532h keymappings (diff)
download	systemd-c5503601e21d7eea67f07417a680237db238d50c.tar.xz systemd-c5503601e21d7eea67f07417a680237db238d50c.zip