summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2018-08-23 11:14:02 -0700
committerShentubot <shentubot@google.com>2018-08-23 11:15:07 -0700
commit001a4c2493b13a43d62c7511fb509a959ae4abc2 (patch)
treed7318d7630610cf63ba9d88771a266099e917ab6
parentabe7764928bb18fe417c53c8ea8aa9fb970114b7 (diff)
Clean up syscall filters
Removed syscalls that are only used by whitelistfs which has its own set of filters. PiperOrigin-RevId: 209967259 Change-Id: Idb2e1b9d0201043d7cd25d96894f354729dbd089
-rw-r--r--runsc/boot/filter/config.go5
1 files changed, 0 insertions, 5 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 0ce49b3b2..e45e599c3 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -38,7 +38,6 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_EXIT: {},
syscall.SYS_EXIT_GROUP: {},
syscall.SYS_FALLOCATE: {},
- syscall.SYS_FCHMOD: {},
syscall.SYS_FCNTL: {},
syscall.SYS_FSTAT: {},
syscall.SYS_FSYNC: {},
@@ -60,15 +59,12 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_MMAP: {},
syscall.SYS_MPROTECT: {},
syscall.SYS_MUNMAP: {},
- syscall.SYS_NEWFSTATAT: {},
syscall.SYS_POLL: {},
syscall.SYS_PREAD64: {},
syscall.SYS_PWRITE64: {},
syscall.SYS_READ: {},
- syscall.SYS_READLINKAT: {},
syscall.SYS_READV: {},
syscall.SYS_RECVMSG: {},
- syscall.SYS_RENAMEAT: {},
syscall.SYS_RESTART_SYSCALL: {},
syscall.SYS_RT_SIGACTION: {},
syscall.SYS_RT_SIGPROCMASK: {},
@@ -80,7 +76,6 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_SIGALTSTACK: {},
syscall.SYS_SYNC_FILE_RANGE: {},
syscall.SYS_TGKILL: {},
- syscall.SYS_UTIMENSAT: {},
syscall.SYS_WRITE: {},
syscall.SYS_WRITEV: {},
}