From c5503601e21d7eea67f07417a680237db238d50c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 19 Apr 2022 11:56:23 +0200 Subject: [PATCH] shared/seccomp: add note about clone2() being unimportant MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit In case anyone else starts wondering whether it should be listed as I did… --- src/shared/seccomp-util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index c465bf58ddd..50ad6bc2449 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -718,6 +718,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .value = "capget\0" /* Able to query arbitrary processes */ "clone\0" + /* ia64 as the only architecture has clone2, a replacement for clone, but ia64 doesn't + * implement seccomp, so we don't need to list it at all. C.f. + * acce2f71779c54086962fefce3833d886c655f62 in the kernel. */ "clone3\0" "execveat\0" "fork\0" -- 2.47.3