summaryrefslogtreecommitdiffstats
path: root/src/shared/seccomp-util.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* seccomp: add new 5.1 syscall pidfd_send_signal() to filter set listLennart Poettering2019-05-281-0/+1
* seccomp: add scmp_act_kill_process() helper that returns SCMP_ACT_KILL_PROCES...Lennart Poettering2019-05-241-0/+15
* seccomp: check more error codes from seccomp_load()Anita Zhang2019-04-121-11/+11
* Merge pull request #12198 from keszybz/seccomp-parsing-loggingZbigniew Jędrzejewski-Szmek2019-04-031-2/+2
|\
| * pid1: pass unit name to seccomp parser when we have no file locationZbigniew Jędrzejewski-Szmek2019-04-031-2/+2
* | seccomp: rework how the S[UG]ID filter is installedZbigniew Jędrzejewski-Szmek2019-04-031-106/+138
|/
* seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid...Lennart Poettering2019-04-021-0/+132
* seccomp: add debug messages to seccomp_protect_hostname()Lennart Poettering2019-04-021-2/+6
* seccomp: add rseq() to default list of syscalls to whitelistLennart Poettering2019-03-281-0/+1
* seccomp: allow shmat to be a separate syscall on architectures which use a mu...Zbigniew Jędrzejewski-Szmek2019-03-151-1/+2
* seccomp: shm{get,at,dt} now have their own numbers everywhereZbigniew Jędrzejewski-Szmek2019-03-151-5/+0
* util: split out nulstr related stuff to nulstr-util.[ch]Lennart Poettering2019-03-141-2/+2
* core: ProtectHostname= featureTopi Miettinen2019-02-201-0/+37
* seccomp: drop mincore() from @system-service syscall filter groupLennart Poettering2019-01-161-1/+0
* seccomp-util: drop process_vm_readv from @debug groupLennart Poettering2018-11-301-2/+0
* coccinelle: make use of SYNTHETIC_ERRNOZbigniew Jędrzejewski-Szmek2018-11-221-4/+4
* seccomp: add some missing syscalls to filter setsLennart Poettering2018-11-161-0/+3
* shared: fix typoZbigniew Jędrzejewski-Szmek2018-11-101-1/+1
* tree-wide: replace 'unsigned int' with 'unsigned'Yu Watanabe2018-10-191-1/+1
* seccomp: tighten checking of seccomp filter creationZbigniew Jędrzejewski-Szmek2018-09-241-10/+16
* seccomp: reduce logging about failure to add syscall to seccompZbigniew Jędrzejewski-Szmek2018-09-241-26/+31
* seccomp: permit specifying multiple errnos for a syscallLucas Werkmeister2018-09-071-4/+2
* seccomp: improve error reportingLucas Werkmeister2018-08-291-1/+11
* seccomp: add swapcontext into @process for ppc32Lion Yang2018-07-031-0/+1
* seccomp: explain why we use setuid rather than @setuid in @privilegedLennart Poettering2018-06-141-1/+1
* seccomp: add new system call filter, suitable as default whitelist for system...Lennart Poettering2018-06-141-0/+69
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
* nsflsgs: drop namespace_flag_{from,to}_string()Yu Watanabe2018-05-051-1/+1
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
* tree-wide: use TAKE_PTR() and TAKE_FD() macrosYu Watanabe2018-04-051-2/+1
* Partially revert "seccomp: add mmap and address family restrictions for MIPS"...James Cowgill2018-03-231-10/+4
* seccomp: add mmap and address family restrictions for MIPS (#8547)James Cowgill2018-03-221-4/+16
* seccomp: enable RestrictAddressFamilies on ppc (#8505)Mathieu Malaterre2018-03-201-1/+1
* seccomp: rework functions for parsing system call filtersLennart Poettering2018-02-271-15/+19
* seccomp: allow x86-64 syscalls on x32, used by the VDSO (fix #8060)Alan Jenkins2018-02-021-4/+22
* seccomp-util: fix alarming debug message (#8002, #8001)Alan Jenkins2018-01-311-1/+1
* Merge pull request #7695 from yuwata/transient-socketLennart Poettering2017-12-231-0/+59
|\
| * core,seccomp: fix logic to parse syscall filter in dbus-execute.cYu Watanabe2017-12-231-0/+59
* | shared/seccomp: add mmap handling for powerpcMathieu Malaterre2017-12-221-1/+2
|/
* tree-wide: add DEBUG_LOGGING macro that checks whether debug logging is on (#...Lennart Poettering2017-12-151-1/+1
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
* shared/seccomp: skip pkey_mprotect protections if the syscall is unknownZbigniew Jędrzejewski-Szmek2017-11-131-0/+2
* shared/seccomp: disallow pkey_mprotect the same as mprotect for W^X mappings ...Zbigniew Jędrzejewski-Szmek2017-11-121-0/+6
* seccomp: include ARM set_tls in @default (#7297)Lennart Poettering2017-11-121-0/+1
* core: add support to specify errno in SystemCallFilter=Yu Watanabe2017-11-111-8/+14
* Fix typo in statx macro (#7180)Antonio Rojas2017-11-101-1/+1
* seccomp: port @privileged to use @reboot + @swapLennart Poettering2017-10-051-5/+2
* seccomp: there is no "kexec" syscallLennart Poettering2017-10-051-1/+1
* seccomp: add three more seccomp groupsLennart Poettering2017-10-051-7/+36
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 03:44:04 +0100