From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Sep 2017 17:44:11 +0000 (+0200)
Subject: seccomp: augment the @resources group a bit
X-Git-Tag: v235~107^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0963c053fa59b6fe3a40da1e05c0ca9c4c54eb46;p=thirdparty%2Fsystemd.git

seccomp: augment the @resources group a bit

Given that sched_setattr/sched_setparam/sched_setscheduler are already
in the group the closely related nice + ioprio_set should also be
included.

Also, order things alphabetically.
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index d96b449082b..f4f4eb36d37 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -658,17 +658,19 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .name = "@resources",
                 .help = "Alter resource settings",
                 .value =
+                "ioprio_set\0"
+                "mbind\0"
+                "migrate_pages\0"
+                "move_pages\0"
+                "nice\0"
+                "prlimit64\0"
+                "sched_setaffinity\0"
+                "sched_setattr\0"
                 "sched_setparam\0"
                 "sched_setscheduler\0"
-                "sched_setaffinity\0"
+                "set_mempolicy\0"
                 "setpriority\0"
                 "setrlimit\0"
-                "set_mempolicy\0"
-                "migrate_pages\0"
-                "move_pages\0"
-                "mbind\0"
-                "sched_setattr\0"
-                "prlimit64\0"
         },
         [SYSCALL_FILTER_SET_SETUID] = {
                 .name = "@setuid",