summaryrefslogtreecommitdiffstats
path: root/src/nspawn/nspawn-seccomp.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* core: turn on higher optimization level in seccompZbigniew Jędrzejewski-Szmek2023-12-021-1/+1
* tree-wide: don't ifdef seccomp-util.h, drop seccomp.h inclusion everywhereLennart Poettering2023-08-211-6/+0
* nspawn,shared: make ERRNO_IS_SECCOMP_FATAL an inline func with _NEG_ variantZbigniew Jędrzejewski-Szmek2023-08-161-10/+10
* nspawn,shared: cleanup use of ERRNO_IS_SECCOMP_FATAL()Dmitry V. Levin2023-07-281-6/+8
* nspawn: realign columnsZbigniew Jędrzejewski-Szmek2022-12-131-79/+79
* nspawn: allow sched_rr_get_interval_time64 through seccomp filterSam James2022-11-181-0/+1
* strv: make iterator in STRV_FOREACH() declaread in the loopYu Watanabe2022-03-191-1/+0
* nspawn: remove outdated comment regarding bpffsIlya Dmitrichenko2020-12-141-1/+1
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
* seccomp: allow turning off of seccomp filtering via env varLennart Poettering2020-11-051-1/+1
* nspawn: turn on higher optimization level in seccompZbigniew Jędrzejewski-Szmek2020-08-241-0/+7
* nspawn: return ENOSYS by default, EPERM for "known" callsZbigniew Jędrzejewski-Szmek2020-08-241-5/+15
* shared/seccomp-util: added functionality to make list of filtred syscallsZbigniew Jędrzejewski-Szmek2020-08-241-2/+7
* tree-wide: avoid some loaded termsLennart Poettering2020-06-251-13/+13
* nspawn: log syscalls we cannot add at debug levelZbigniew Jędrzejewski-Szmek2019-11-221-4/+3
* Add @pkey syscall groupZbigniew Jędrzejewski-Szmek2019-11-081-3/+1
* seccomp: check more error codes from seccomp_load()Anita Zhang2019-04-121-2/+2
* headers: remove unneeded includes from util.hZbigniew Jędrzejewski-Szmek2019-03-271-0/+1
* seccomp: tighten checking of seccomp filter creationZbigniew Jędrzejewski-Szmek2018-09-241-9/+5
* seccomp: reduce logging about failure to add syscall to seccompZbigniew Jędrzejewski-Szmek2018-09-241-2/+2
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
* seccomp: add three more seccomp groupsLennart Poettering2017-10-051-20/+3
* seccomp: include prlimit64 and ugetrlimit in @defaultLennart Poettering2017-10-051-1/+0
* build-sys: use #if Y instead of #ifdef Y everywhereZbigniew Jędrzejewski-Szmek2017-10-041-3/+3
* seccomp: remove '@credentials' syscall set (#6958)Djalal Harouni2017-10-031-1/+1
* nspawn: replace syscall blacklist by a whitelistLennart Poettering2017-09-141-37/+156
* nspawn: implement configurable syscall whitelisting/blacklistingLennart Poettering2017-09-121-6/+18
* nspawn: replace homegrown seccomp filter table largely with references to the...Lennart Poettering2017-09-111-54/+6
* nspawn: part over seccomp code to use seccomp_add_syscall_filter_item()Lennart Poettering2017-09-111-67/+65
* seccomp: rework seccomp code, to improve compat with some archsLennart Poettering2017-01-181-50/+63
* seccomp: add new seccomp_init_conservative() helperLennart Poettering2016-10-241-15/+3
* nspawn: detect SECCOMP availability, skip audit filter if unavailableFelipe Sateler2016-09-071-5/+5
* Use "return log_error_errno" in more places"Zbigniew Jędrzejewski-Szmek2016-07-231-4/+2
* nspawn: lock down system call filter a bitLennart Poettering2016-06-131-11/+67
* nspawn: split out seccomp call into nspawn-seccomp.[ch]Djalal Harouni2016-05-261-0/+143