projects / platform / upstream / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ceaa6aa)
seccomp: order the syscalls in more groups alphabetically
authorLennart Poettering <lennart@poettering.net>
Wed, 13 Sep 2017 17:39:02 +0000 (19:39 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 14 Sep 2017 13:45:21 +0000 (15:45 +0200)
No changes besides reordering.

src/shared/seccomp-util.c patch | blob | history

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 44dc027..fef6160 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -436,15 +436,15 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .help = "Event loop system calls",
                 .value =
                 "_newselect\0"
-                "epoll_create1\0"
                 "epoll_create\0"
+                "epoll_create1\0"
                 "epoll_ctl\0"
                 "epoll_ctl_old\0"
                 "epoll_pwait\0"
                 "epoll_wait\0"
                 "epoll_wait_old\0"
-                "eventfd2\0"
                 "eventfd\0"
+                "eventfd2\0"
                 "poll\0"
                 "ppoll\0"
                 "pselect6\0"
@@ -466,8 +466,8 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "msgget\0"
                 "msgrcv\0"
                 "msgsnd\0"
-                "pipe2\0"
                 "pipe\0"
+                "pipe2\0"
                 "process_vm_readv\0"
                 "process_vm_writev\0"
                 "semctl\0"
@@ -502,15 +502,15 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "chroot\0"
                 "mount\0"
                 "pivot_root\0"
-                "umount2\0"
                 "umount\0"
+                "umount2\0"
         },
         [SYSCALL_FILTER_SET_NETWORK_IO] = {
                 .name = "@network-io",
                 .help = "Network or Unix socket IO, should not be needed if not network facing",
                 .value =
-                "accept4\0"
                 "accept\0"
+                "accept4\0"
                 "bind\0"
                 "connect\0"
                 "getpeername\0"
@@ -569,38 +569,38 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "@clock\0"
                 "@module\0"
                 "@raw-io\0"
+                "_sysctl\0"
                 "acct\0"
                 "bpf\0"
                 "capset\0"
-                "chown32\0"
                 "chown\0"
+                "chown32\0"
                 "chroot\0"
-                "fchown32\0"
                 "fchown\0"
+                "fchown32\0"
                 "fchownat\0"
                 "kexec_file_load\0"
                 "kexec_load\0"
-                "lchown32\0"
                 "lchown\0"
+                "lchown32\0"
                 "nfsservctl\0"
                 "pivot_root\0"
                 "quotactl\0"
                 "reboot\0"
                 "setdomainname\0"
-                "setfsuid32\0"
                 "setfsuid\0"
-                "setgroups32\0"
+                "setfsuid32\0"
                 "setgroups\0"
+                "setgroups32\0"
                 "sethostname\0"
-                "setresuid32\0"
                 "setresuid\0"
-                "setreuid32\0"
+                "setresuid32\0"
                 "setreuid\0"
-                "setuid32\0"
+                "setreuid32\0"
                 "setuid\0"
+                "setuid32\0"
                 "swapoff\0"
                 "swapon\0"
-                "_sysctl\0"
                 "vhangup\0"
         },
         [SYSCALL_FILTER_SET_PROCESS] = {
@@ -663,20 +663,20 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .name = "@setuid",
                 .help = "Operations for changing user/group credentials",
                 .value =
-                "setgid32\0"
                 "setgid\0"
-                "setgroups32\0"
+                "setgid32\0"
                 "setgroups\0"
-                "setregid32\0"
+                "setgroups32\0"
                 "setregid\0"
-                "setresgid32\0"
+                "setregid32\0"
                 "setresgid\0"
-                "setresuid32\0"
+                "setresgid32\0"
                 "setresuid\0"
-                "setreuid32\0"
+                "setresuid32\0"
                 "setreuid\0"
-                "setuid32\0"
+                "setreuid32\0"
                 "setuid\0"
+                "setuid32\0"
         },
         [SYSCALL_FILTER_SET_SWAP] = {
                 .name = "@swap",
Domain: System / System Framework;