Skip to content

Commit

Permalink
Removed syscalls open and openat from policy defined in addExecutionC…
Browse files Browse the repository at this point in the history 
…ontrolRules due to this syscalls being handled by policy defined in addFileSystemAccessRules
  • Loading branch information
@mikimasn
mikimasn committed Feb 11, 2024
1 parent b5903c6 commit 3dbded8
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions src/seccomp/policy/DefaultPolicy.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,7 @@ void DefaultPolicy::addExecutionControlRules(bool allowFork) {
"sigaltstack",
"sigsuspend",
"clock_nanosleep",
"open",
"epoll_create1",
"openat"});
"epoll_create1"});

rules_.emplace_back(SeccompRule(
"set_thread_area", action::ActionTrace([](auto& /* tracee */) {
Expand Down

0 comments on commit 3dbded8

Please sign in to comment.