const char* name;
} whitelist[] = {
/* Let's use set names where we can */
+ { 0, "@aio" },
{ 0, "@basic-io" },
+ { 0, "@chown" },
{ 0, "@default" },
{ 0, "@file-system" },
{ 0, "@io-event" },
{ 0, "@resources" },
{ 0, "@setuid" },
{ 0, "@signal" },
+ { 0, "@sync" },
{ 0, "@timer" },
/* The following four are sets we optionally enable, in case the caps have been configured for it */
{ 0, "brk" },
{ 0, "capget" },
{ 0, "capset" },
- { 0, "chown" },
- { 0, "chown32" },
{ 0, "copy_file_range" },
{ 0, "fadvise64" },
{ 0, "fadvise64_64" },
- { 0, "fchown" },
- { 0, "fchown32" },
- { 0, "fchownat" },
- { 0, "fdatasync" },
{ 0, "flock" },
- { 0, "fsync" },
{ 0, "get_mempolicy" },
{ 0, "getcpu" },
{ 0, "getpriority" },
{ 0, "getrandom" },
- { 0, "io_cancel" },
- { 0, "io_destroy" },
- { 0, "io_getevents" },
- { 0, "io_setup" },
- { 0, "io_submit" },
{ 0, "ioctl" },
{ 0, "ioprio_get" },
{ 0, "kcmp" },
- { 0, "lchown" },
- { 0, "lchown32" },
{ 0, "madvise" },
{ 0, "mincore" },
{ 0, "mprotect" },
{ 0, "mremap" },
- { 0, "msync" },
{ 0, "name_to_handle_at" },
{ 0, "oldolduname" },
{ 0, "olduname" },
{ 0, "personality" },
- { 0, "preadv2" },
- { 0, "pwritev2" },
{ 0, "readahead" },
{ 0, "readdir" },
{ 0, "remap_file_pages" },
{ 0, "setpgid" },
{ 0, "setsid" },
{ 0, "splice" },
- { 0, "sync" },
- { 0, "sync_file_range" },
- { 0, "syncfs" },
{ 0, "sysinfo" },
{ 0, "tee" },
{ 0, "umask" },
projects / thirdparty / systemd.git / blobdiff