diff options
author | Fabricio Voznika <fvoznika@google.com> | 2018-08-23 11:14:02 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-23 11:15:07 -0700 |
commit | 001a4c2493b13a43d62c7511fb509a959ae4abc2 (patch) | |
tree | d7318d7630610cf63ba9d88771a266099e917ab6 | |
parent | abe7764928bb18fe417c53c8ea8aa9fb970114b7 (diff) |
Clean up syscall filters
Removed syscalls that are only used by whitelistfs
which has its own set of filters.
PiperOrigin-RevId: 209967259
Change-Id: Idb2e1b9d0201043d7cd25d96894f354729dbd089
-rw-r--r-- | runsc/boot/filter/config.go | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 0ce49b3b2..e45e599c3 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -38,7 +38,6 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_EXIT: {}, syscall.SYS_EXIT_GROUP: {}, syscall.SYS_FALLOCATE: {}, - syscall.SYS_FCHMOD: {}, syscall.SYS_FCNTL: {}, syscall.SYS_FSTAT: {}, syscall.SYS_FSYNC: {}, @@ -60,15 +59,12 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_MMAP: {}, syscall.SYS_MPROTECT: {}, syscall.SYS_MUNMAP: {}, - syscall.SYS_NEWFSTATAT: {}, syscall.SYS_POLL: {}, syscall.SYS_PREAD64: {}, syscall.SYS_PWRITE64: {}, syscall.SYS_READ: {}, - syscall.SYS_READLINKAT: {}, syscall.SYS_READV: {}, syscall.SYS_RECVMSG: {}, - syscall.SYS_RENAMEAT: {}, syscall.SYS_RESTART_SYSCALL: {}, syscall.SYS_RT_SIGACTION: {}, syscall.SYS_RT_SIGPROCMASK: {}, @@ -80,7 +76,6 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_SIGALTSTACK: {}, syscall.SYS_SYNC_FILE_RANGE: {}, syscall.SYS_TGKILL: {}, - syscall.SYS_UTIMENSAT: {}, syscall.SYS_WRITE: {}, syscall.SYS_WRITEV: {}, } |