projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c79aff9) | patch
seccomp: drop execve() from @process list
authorLennart Poettering <lennart@poettering.net>
Tue, 25 Oct 2016 13:42:10 +0000 (15:42 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 2 Nov 2016 14:49:59 +0000 (08:49 -0600)
commita8c157ff3081ee963adb0d046015abf9a271fa67
treea4bec5443d4b336d8939360905a07b9fa96b55eatree | snapshot
parentc79aff9a82abf361aea47b5c745ed9729c5f0212commit | diff
seccomp: drop execve() from @process list

The system call is already part in @default hence implicitly allowed anyway.
Also, if it is actually blocked then systemd couldn't execute the service in
question anymore, since the application of seccomp is immediately followed by
it.
man/systemd.exec.xml diff | blob | history
src/shared/seccomp-util.c diff | blob | history
Domain: System / System Framework;