[systemd-devel] [PATCH] refactored Re: [PATCH] nspawn: Map all seccomp filters to matching capabilities

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Mar 4 20:19:54 PST 2015


On Tue, Mar 03, 2015 at 05:18:00PM +0000, Jay Faulkner wrote:
> 
> On Mar 3, 2015, at 8:55 AM, Topi Miettinen <toiwoton at gmail.com> wrote:
> 
> On 03/03/15 01:28, Jay Faulkner wrote:
> Hey,
> 
> Lennart reviewed this in IRC and suggested I refactor the change in this
> manner. Now, we have an array of capability:syscall pairs, and iterate
> through that and then only add the seccomp filter if the capability
> doesn’t exist.
> 
> The new patch is attached, and available
> here: https://github.com/jayofdoom/systemd/pull/5.patch.
Applied, with some changes. Please test that it still works for you.

Zbyszek
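
The table-driven approach described in the quoted message, as an added example that is not the applied patch or systemd's own code: each entry pairs a capability with a syscall, and the syscall is filtered only when that capability is absent. The table contents, the `retained` bitmask parameter and the function name are assumptions for illustration; a real implementation would add each selected syscall to a seccomp filter instead of collecting names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { CAP_SYS_MODULE = 16, CAP_SYS_RAWIO = 17, CAP_SYS_ADMIN = 21, CAP_SYS_BOOT = 22 };

struct cap_syscall {
    int capability;       /* capability that legitimately needs the syscall */
    const char *syscall;  /* syscall to deny when that capability is absent */
};

/* Constructed table for illustration; not the list from the applied patch. */
static const struct cap_syscall cap_syscall_map[] = {
    { CAP_SYS_RAWIO,  "iopl" },
    { CAP_SYS_RAWIO,  "ioperm" },
    { CAP_SYS_BOOT,   "kexec_load" },
    { CAP_SYS_ADMIN,  "swapon" },
    { CAP_SYS_ADMIN,  "swapoff" },
    { CAP_SYS_MODULE, "init_module" },
    { CAP_SYS_MODULE, "delete_module" },
};

/* Hypothetical helper: write into out[] the syscalls whose capability is not
 * in the retained set (bit N set = capability N kept). Returns the count. */
size_t syscalls_to_filter(uint64_t retained, const char **out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof cap_syscall_map / sizeof cap_syscall_map[0]; i++) {
        if (retained & (UINT64_C(1) << cap_syscall_map[i].capability))
            continue;  /* capability kept: the syscall stays available */
        if (n < max)
            out[n++] = cap_syscall_map[i].syscall;
    }
    return n;
}

int main(void) {
    const char *deny[8];
    /* Constructed input: a container that keeps only CAP_SYS_ADMIN. */
    size_t n = syscalls_to_filter(UINT64_C(1) << CAP_SYS_ADMIN, deny, 8);
    for (size_t i = 0; i < n; i++)
        printf("deny %s\n", deny[i]);
    return 0;
}
```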

