seccomp: port @privileged to use @reboot + @swap 6999/head
authorLennart Poettering <lennart@poettering.net>
Mon, 2 Oct 2017 07:16:50 +0000 (09:16 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 5 Oct 2017 13:42:48 +0000 (15:42 +0200)
Let's reuse two groups we already defined to make @privileged a bit
shorter.

src/shared/seccomp-util.c

index f053b6353e86d39127f2dc75f896d7238f71418b..14a75bfffeba0760e9de18ef5d18315d3375e364 100644 (file)
@@ -628,17 +628,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "@clock\0"
                 "@module\0"
                 "@raw-io\0"
+                "@reboot\0"
+                "@swap\0"
                 "_sysctl\0"
                 "acct\0"
                 "bpf\0"
                 "capset\0"
                 "chroot\0"
-                "kexec_file_load\0"
-                "kexec_load\0"
                 "nfsservctl\0"
                 "pivot_root\0"
                 "quotactl\0"
-                "reboot\0"
                 "setdomainname\0"
                 "setfsuid\0"
                 "setfsuid32\0"
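Review bot: Whether `@privileged` still covers the same syscalls after this change depends on the definitions of `@reboot` and `@swap`, which are outside this hunk. The three names removed here (`kexec_file_load`, `kexec_load`, `reboot`) and the two removed in the following hunk (`swapoff`, `swapon`) should each be confirmed present in those sets, otherwise a deny-list such as `~@privileged` would silently stop blocking them. Membership is also now inherited: any syscall later added to `@reboot` or `@swap` changes what `@privileged` permits or denies. A short comment above the group references would make that explicit, for example `/* nested sets: @privileged follows any later change to these groups */`. The initializer for this set starts before the hunk and continues past it.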
@@ -651,8 +650,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setreuid32\0"
                 "setuid\0"
                 "setuid32\0"
-                "swapoff\0"
-                "swapon\0"
                 "vhangup\0"
         },
         [SYSCALL_FILTER_SET_PROCESS] = {