seccomp: allowlist close_range() by default in @basic-io

author Lennart Poettering <lennart@poettering.net>

Wed, 14 Oct 2020 07:40:37 +0000 (09:40 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Tue, 8 Dec 2020 14:21:36 +0000 (15:21 +0100)
author Lennart Poettering <lennart@poettering.net>
Wed, 14 Oct 2020 07:40:37 +0000 (09:40 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 8 Dec 2020 14:21:36 +0000 (15:21 +0100)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c

index 196c41c8b974ff76b827622c89d6b3d090c21117..3d0a6b4da9ceda96bcca40be71855d2351f7e110 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -330,6 +330,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                  .value =
                  "_llseek\0"
                  "close\0"
+                "close_range\0"
                  "dup\0"
                  "dup2\0"
                  "dup3\0"
author	Lennart Poettering <lennart@poettering.net>
	Wed, 14 Oct 2020 07:40:37 +0000 (09:40 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 8 Dec 2020 14:21:36 +0000 (15:21 +0100)