summaryrefslogtreecommitdiffstats
path: root/src/shared/seccomp-util.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* strv: make iterator in STRV_FOREACH() declaread in the loopYu Watanabe2022-03-191-1/+0
* seccomp: move arch_prctl to @defaultZbigniew Jędrzejewski-Szmek2022-01-071-1/+1
* seccomp-util: include missing_syscall_def.h to make __SNR_foo mapped to __NR_fooYu Watanabe2022-01-021-7/+4
* seccomp: move mprotect to @defaultZbigniew Jędrzejewski-Szmek2021-11-141-1/+1
* nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs...Lennart Poettering2021-10-201-0/+95
* seccomp: Always install filters for native architectureBenjamin Berg2021-09-301-0/+4
* seccomp: move sched_getaffinity() from @system-service to @defaultLennart Poettering2021-07-271-1/+1
* seccomp: drop getrandom() from @system-serviceLennart Poettering2021-07-271-1/+0
* malloc() uses getrandom nowCristian Rodríguez2021-07-231-0/+1
* seccomp: drop quotactl_path() again from filter setsLennart Poettering2021-06-151-1/+0
* seccomp: add some recently added syscalls to filter groupsLennart Poettering2021-06-091-0/+4
* seccomp: do not ignore deny-listed syscalls with errno when list is allow-listYu Watanabe2021-03-081-4/+6
* seccomp: use FLAGS_SET() macroYu Watanabe2021-03-081-5/+5
* core,seccomp: refuse to specify errno for allow-listed syscallsYu Watanabe2021-03-081-0/+3
* seccomp: fix comment and change variable nameYu Watanabe2021-03-081-7/+9
* seccomp_restrict_sxid: return ENOSYS for openat2()Mike Gilbert2021-01-271-2/+4
* util: move parse_syscall_and_errno() to seccomp-util.cYu Watanabe2021-01-181-0/+38
* seccomp: don't install filters for archs that can't use syscallsGreg Depoire--Ferrer2020-12-101-17/+30
* shared/seccomp-util: address family filtering is broken on ppcZbigniew Jędrzejewski-Szmek2020-11-261-3/+3
* seccomp: also move munmap into @default syscall filter setYu Watanabe2020-11-241-1/+1
* seccomp: move brk+mmap+mmap2 into @default syscall filter setLennart Poettering2020-11-191-3/+3
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
* seccomp: allow turning off of seccomp filtering via env varLennart Poettering2020-11-051-4/+14
* shared/seccomp-util: move stime() to @obsoleteTopi Miettinen2020-11-041-1/+1
* seccomp: allowlist close_range() by default in @basic-ioLennart Poettering2020-10-141-0/+1
* tree-wide: assorted coccinelle fixesFrantisek Sumsal2020-10-091-2/+2
* seccomp-util: fix typo in help messageSamanta Navarro2020-10-031-1/+1
* seccomp-util: add cacheflush() syscall to @default syscall setLennart Poettering2020-09-301-0/+1
* exec: SystemCallLog= directiveTopi Miettinen2020-09-151-0/+4
* exec: Add kill action to system call filtersTopi Miettinen2020-09-151-1/+3
* tree-wide: define iterator inside of the macroZbigniew Jędrzejewski-Szmek2020-09-081-7/+4
* tree-wide: drop pointless zero initialization (#16900)fangxiuning2020-08-291-1/+1
* Merge pull request #16819 from keszybz/seccomp-enosysZbigniew Jędrzejewski-Szmek2020-08-251-16/+43
|\
| * shared/seccomp-util: added functionality to make list of filtred syscallsZbigniew Jędrzejewski-Szmek2020-08-241-7/+32
| * shared/seccomp: reduce scope of indexing variablesZbigniew Jędrzejewski-Szmek2020-08-241-9/+5
| * shared: add @known syscall listZbigniew Jędrzejewski-Szmek2020-08-241-0/+6
* | Request seccomp logging if SYSTEMD_LOG_SECCOMP environment variable is set.Steve Dodd2020-08-211-0/+9
* | seccomp: add support for riscv64Aurelien Jarno2020-08-211-4/+26
|/
* shared/seccomp: use _cleanup_ in one more placeZbigniew Jędrzejewski-Szmek2020-08-191-10/+6
* shared/seccomp: do not use ifdef guards around textual syscall namesZbigniew Jędrzejewski-Szmek2020-08-191-6/+2
* Newer Glibc use faccessat2 to implement faccessatMichael Scherer2020-08-161-0/+1
* tree-wide: avoid some loaded termsLennart Poettering2020-06-251-14/+13
* tree-wide: use set_ensure_put()Zbigniew Jędrzejewski-Szmek2020-06-221-10/+5
* seccomp: filter openat2() entirely in seccomp_restrict_sxid()Lennart Poettering2020-06-031-0/+16
* tree-wide: Initialize _cleanup_ variables if neededBenjamin Robin2020-05-131-1/+1
* seccomp-util: add new syscalls from kernel 5.6 to syscall filter tableLennart Poettering2020-05-111-0/+2
* shared/seccomp: avoid possibly writing bogus errno code in debug logZbigniew Jędrzejewski-Szmek2019-12-061-5/+5
* seccomp: use per arch shmat_syscallChristian Ehrhardt2019-12-051-1/+1
* seccomp: ensure rules are loaded in seccomp_memory_deny_write_executeChristian Ehrhardt2019-12-051-1/+6
* seccomp: fix multiplexed system callsChristian Ehrhardt2019-12-051-8/+8