From 001a4c2493b13a43d62c7511fb509a959ae4abc2 Mon Sep 17 00:00:00 2001
From: Fabricio Voznika <fvoznika@google.com>
Date: Thu, 23 Aug 2018 11:14:02 -0700
Subject: Clean up syscall filters

Removed syscalls that are only used by whitelistfs
which has its own set of filters.

PiperOrigin-RevId: 209967259
Change-Id: Idb2e1b9d0201043d7cd25d96894f354729dbd089
---
 runsc/boot/filter/config.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 0ce49b3b2..e45e599c3 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -38,7 +38,6 @@ var allowedSyscalls = seccomp.SyscallRules{
 	syscall.SYS_EXIT:          {},
 	syscall.SYS_EXIT_GROUP:    {},
 	syscall.SYS_FALLOCATE:     {},
-	syscall.SYS_FCHMOD:        {},
 	syscall.SYS_FCNTL:         {},
 	syscall.SYS_FSTAT:         {},
 	syscall.SYS_FSYNC:         {},
@@ -60,15 +59,12 @@ var allowedSyscalls = seccomp.SyscallRules{
 	syscall.SYS_MMAP:            {},
 	syscall.SYS_MPROTECT:        {},
 	syscall.SYS_MUNMAP:          {},
-	syscall.SYS_NEWFSTATAT:      {},
 	syscall.SYS_POLL:            {},
 	syscall.SYS_PREAD64:         {},
 	syscall.SYS_PWRITE64:        {},
 	syscall.SYS_READ:            {},
-	syscall.SYS_READLINKAT:      {},
 	syscall.SYS_READV:           {},
 	syscall.SYS_RECVMSG:         {},
-	syscall.SYS_RENAMEAT:        {},
 	syscall.SYS_RESTART_SYSCALL: {},
 	syscall.SYS_RT_SIGACTION:    {},
 	syscall.SYS_RT_SIGPROCMASK:  {},
@@ -80,7 +76,6 @@ var allowedSyscalls = seccomp.SyscallRules{
 	syscall.SYS_SIGALTSTACK:     {},
 	syscall.SYS_SYNC_FILE_RANGE: {},
 	syscall.SYS_TGKILL:          {},
-	syscall.SYS_UTIMENSAT:       {},
 	syscall.SYS_WRITE:           {},
 	syscall.SYS_WRITEV:          {},
 }
-- 
cgit v1.2.3