From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Mon, 23 Feb 2026 20:25:27 +0000 (-0500)
Subject: seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default
X-Git-Tag: v257.11~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3a64e2c396deaecd1a574fb13b615830231f36b;p=thirdparty%2Fsystemd.git

seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default

These syscalls are part of a newer kernel API to replace interaction
with /proc/self/attr, with the goal of allowing LSM stacking. These are
being used now by e.g. libapparmor, so should be more easily available
to services using seccomp filtering.

(cherry picked from commit 7a1888954c4a4666150a59125c2e6c92277bb4e2)
(cherry picked from commit 515816197e8155c3ddc4ab2092d23744509c37ea)
(cherry picked from commit 75cbe81bba6eb9fa9e8ad6a4937658aec6680f11)
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 75cf5257989..e6a361c82cc 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -359,6 +359,8 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "gettimeofday\0"
                 "getuid\0"
                 "getuid32\0"
+                "lsm_get_self_attr\0"
+                "lsm_list_modules\0"
                 "membarrier\0"
                 "mmap\0"
                 "mmap2\0"