From af0f047ba8e8334e3e3b0863025ae02f9dbd8b52 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 2 Oct 2017 09:16:50 +0200
Subject: [PATCH] seccomp: port @privileged to use @reboot + @swap

Let's reuse two groups we already defined to make @privileged a bit
shorter.
---
 src/shared/seccomp-util.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index f053b6353e8..14a75bfffeb 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -628,17 +628,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "@clock\0"
                 "@module\0"
                 "@raw-io\0"
+                "@reboot\0"
+                "@swap\0"
                 "_sysctl\0"
                 "acct\0"
                 "bpf\0"
                 "capset\0"
                 "chroot\0"
-                "kexec_file_load\0"
-                "kexec_load\0"
                 "nfsservctl\0"
                 "pivot_root\0"
                 "quotactl\0"
-                "reboot\0"
                 "setdomainname\0"
                 "setfsuid\0"
                 "setfsuid32\0"
@@ -651,8 +650,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "setreuid32\0"
                 "setuid\0"
                 "setuid32\0"
-                "swapoff\0"
-                "swapon\0"
                 "vhangup\0"
         },
         [SYSCALL_FILTER_SET_PROCESS] = {
-- 
2.47.3