git.ipfire.org Git - thirdparty/systemd.git/commitdiff
seccomp: two fixes for the syscall set tables
author Lennart Poettering <lennart@poettering.net>
Fri, 21 Oct 2016 19:15:43 +0000 (21:15 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 24 Oct 2016 15:32:50 +0000 (17:32 +0200)
"oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall
nr is called "umount" (and the nr of umount() is called umount2 internally).

"sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table.

Without these changes libseccomp cannot actually translate the tables in full.
This wasn't noticed before as the code was written defensively for this case.

src/shared/seccomp-util.c

index 0b9fa47c4403af7fcfb32e2425b6ac0f9e9d0357..f1e9de05b2fe40054eedcbfd40d1fc8ac592dca1 100644 (file)
@@ -272,7 +272,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .value =
                 "chroot\0"
                 "mount\0"
-                "oldumount\0"
                 "pivot_root\0"
                 "umount2\0"
                 "umount\0"
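Review bot: the "oldumount\0" entry removed here was a name libseccomp cannot translate, and by the commit message's own account it went unnoticed only because the code tolerates that case, so nothing in this change stops the next wrong name from being dropped from a filter just as quietly. Consider adding a test that walks every string in syscall_filter_sets and fails when seccomp_syscall_resolve_name() cannot resolve it, or at least logging the skipped name where the table is translated.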
@@ -371,7 +370,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setuid\0"
                 "swapoff\0"
                 "swapon\0"
-                "sysctl\0"
+                "_sysctl\0"
                 "vhangup\0"
         },
         [SYSCALL_FILTER_SET_PROCESS] = {
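Review bot: swapping "sysctl\0" for "_sysctl\0" changes what this set actually matches, which the commit message does not spell out: since the old name could not be translated, filters built from this set did not cover _sysctl until now. State that behaviour change in the message so users of the set know their effective filter is different after this commit. The message also writes "_syscall()" where the hunk adds "_sysctl", which should be corrected to match the table.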