[systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

Jay Faulkner jay at jvf.cc
Mon Mar 2 17:28:10 PST 2015


Hey,

Lennart reviewed this in IRC and suggested I refactor the change in this manner. Now, we have an array of capability:sys call pairs, and iterate through that and then only add the seccomp filter if the capability doesn’t exist.

The new patch is attached, and available here: https://github.com/jayofdoom/systemd/pull/5.patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nspawn-seccomp-capabilities.patch
Type: application/octet-stream
Size: 4279 bytes
Desc: nspawn-seccomp-capabilities.patch
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150303/793d6d26/attachment-0001.obj>
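
The table-driven approach the message describes, as an added sketch that is not taken from the attached patch or from systemd: the capability/syscall pairs, the `filter_table` and `syscalls_to_filter` names, and the bitmask representation of retained capabilities are all assumptions made for illustration. Syscalls are kept as names rather than numbers so the sketch builds on any Linux architecture; real code would install a seccomp rule where the name is recorded.

```c
#include <linux/capability.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table: each entry pairs a capability with a syscall it gates. */
struct cap_syscall {
    unsigned capability;   /* CAP_* number from <linux/capability.h> */
    const char *syscall;   /* syscall name (string keeps the sketch arch-independent) */
};

static const struct cap_syscall filter_table[] = {
    { CAP_SYS_RAWIO,  "iopl" },
    { CAP_SYS_RAWIO,  "ioperm" },
    { CAP_SYS_BOOT,   "kexec_load" },
    { CAP_SYS_ADMIN,  "swapon" },
    { CAP_SYS_ADMIN,  "swapoff" },
    { CAP_SYS_MODULE, "init_module" },
    { CAP_SYS_MODULE, "delete_module" },
};
#define N_FILTERS (sizeof(filter_table) / sizeof(filter_table[0]))

/* Fill out[] with the syscalls to filter for a container that retains the
 * capabilities in `retained` (bit N set = capability number N is kept).
 * Returns the number of entries written (at most max). */
size_t syscalls_to_filter(uint64_t retained, const char **out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < N_FILTERS && n < max; i++) {
        if (retained & (UINT64_C(1) << filter_table[i].capability))
            continue;   /* capability retained: leave the syscall reachable */
        out[n++] = filter_table[i].syscall;   /* a seccomp rule would be added here */
    }
    return n;
}

int main(void) {
    const char *blocked[N_FILTERS];
    uint64_t retained = UINT64_C(1) << CAP_SYS_ADMIN;   /* constructed example mask */
    size_t n = syscalls_to_filter(retained, blocked, N_FILTERS);
    for (size_t i = 0; i < n; i++)
        printf("filter %s\n", blocked[i]);
    return 0;
}
```
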