tree-wide: drop 'This file is part of systemd' blurb
[thirdparty/systemd.git] / src / nspawn / nspawn-seccomp.c
index 196766dc98451fe78c74115228cd67dc7abe88f4..008d013af6b7f6f8fa33eac9d510fe0946275c5d 100644 (file)
@@ -1,20 +1,6 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /***
-  This file is part of systemd.
-
   Copyright 2016 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
 #include <errno.h>
@@ -49,7 +35,9 @@ static int seccomp_add_default_syscall_filter(
                 const char* name;
         } whitelist[] = {
                 /* Let's use set names where we can */
+                { 0,                  "@aio"                   },
                 { 0,                  "@basic-io"              },
+                { 0,                  "@chown"                 },
                 { 0,                  "@default"               },
                 { 0,                  "@file-system"           },
                 { 0,                  "@io-event"              },
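Review bot: The new `@aio` and `@chown` entries here (and `@sync` in the next hunk) make the container allow-list depend on set definitions that live outside this file, so any syscall later added to one of those sets becomes permitted inside nspawn containers without this table changing. The existing comment should say so, e.g. `/* Set names expand via the shared filter-set definitions; re-check this policy whenever a listed set gains members */`. The later hunks also drop `preadv2`, `pwritev2` and `ugetrlimit` without adding a set that obviously names them, so presumably they are covered by sets already listed such as `@basic-io` or `@default`. That should be confirmed against the set definitions, since a missed entry means the syscall is no longer on the allow-list for container payloads. The `whitelist[]` initialiser starts and ends outside this hunk.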
@@ -60,6 +48,7 @@ static int seccomp_add_default_syscall_filter(
                 { 0,                  "@resources"             },
                 { 0,                  "@setuid"                },
                 { 0,                  "@signal"                },
+                { 0,                  "@sync"                  },
                 { 0,                  "@timer"                 },
 
                 /* The following four are sets we optionally enable, in case the caps have been configured for it */
@@ -72,42 +61,25 @@ static int seccomp_add_default_syscall_filter(
                 { 0,                  "brk"                    },
                 { 0,                  "capget"                 },
                 { 0,                  "capset"                 },
-                { 0,                  "chown"                  },
-                { 0,                  "chown32"                },
                 { 0,                  "copy_file_range"        },
                 { 0,                  "fadvise64"              },
                 { 0,                  "fadvise64_64"           },
-                { 0,                  "fchown"                 },
-                { 0,                  "fchown32"               },
-                { 0,                  "fchownat"               },
-                { 0,                  "fdatasync"              },
                 { 0,                  "flock"                  },
-                { 0,                  "fsync"                  },
                 { 0,                  "get_mempolicy"          },
                 { 0,                  "getcpu"                 },
                 { 0,                  "getpriority"            },
                 { 0,                  "getrandom"              },
-                { 0,                  "io_cancel"              },
-                { 0,                  "io_destroy"             },
-                { 0,                  "io_getevents"           },
-                { 0,                  "io_setup"               },
-                { 0,                  "io_submit"              },
                 { 0,                  "ioctl"                  },
                 { 0,                  "ioprio_get"             },
                 { 0,                  "kcmp"                   },
-                { 0,                  "lchown"                 },
-                { 0,                  "lchown32"               },
                 { 0,                  "madvise"                },
                 { 0,                  "mincore"                },
                 { 0,                  "mprotect"               },
                 { 0,                  "mremap"                 },
-                { 0,                  "msync"                  },
                 { 0,                  "name_to_handle_at"      },
                 { 0,                  "oldolduname"            },
                 { 0,                  "olduname"               },
                 { 0,                  "personality"            },
-                { 0,                  "preadv2"                },
-                { 0,                  "pwritev2"               },
                 { 0,                  "readahead"              },
                 { 0,                  "readdir"                },
                 { 0,                  "remap_file_pages"       },
@@ -131,12 +103,8 @@ static int seccomp_add_default_syscall_filter(
                 { 0,                  "setpgid"                },
                 { 0,                  "setsid"                 },
                 { 0,                  "splice"                 },
-                { 0,                  "sync"                   },
-                { 0,                  "sync_file_range"        },
-                { 0,                  "syncfs"                 },
                 { 0,                  "sysinfo"                },
                 { 0,                  "tee"                    },
-                { 0,                  "ugetrlimit"             },
                 { 0,                  "umask"                  },
                 { 0,                  "uname"                  },
                 { 0,                  "userfaultfd"            },