]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7052684)
seccomp: explain why we use setuid rather than @setuid in @privileged
authorLennart Poettering <lennart@poettering.net>
Wed, 18 Apr 2018 19:45:44 +0000 (21:45 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 14 Jun 2018 15:44:20 +0000 (17:44 +0200)
src/shared/seccomp-util.c patch | blob | blame | history

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 4a02d8c35f33fc413ee61cd8d496ad10e579269c..c433cb90dceca639fe77b3e25f4d59de91852b78 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -632,7 +632,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setresuid32\0"
                 "setreuid\0"
                 "setreuid32\0"
-                "setuid\0"
+                "setuid\0"      /* We list the explicit system calls here, as @setuid also includes setgid() which is not necessarily privileged */
                 "setuid32\0"
                 "vhangup\0"
         },
Unnamed repository; edit this file 'description' to name the repository.