author | Djalal Harouni <tixxdz@opendz.org> | 2017-10-05 14:46:41 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-10-05 14:46:41 +0200 |
commit | 7c72bab4e35abe8884c3def83aae42b6638685da (patch) | |
tree | 44c19e44d8621d309a8e987423968074742a4241 | |
parent | Merge pull request #6931 from poettering/job-timeout-sec (diff) | |
seccomp: remove 'gettid' syscall from '@process' syscall set (#6989)

The gettid syscall is one of the most basic syscalls; it never fails and
it operates on the current thread. Most applications are not supposed to use
it, however even if it is used there is not much justification for blocking
it. This patch removes it from the '@process' set so if users blacklist this
set to block setns or clone syscalls, the gettid syscall will still be
available. Of course they can always block gettid explicitly.

Note that gettid is already in the '@default' set.
-rw-r--r-- | src/shared/seccomp-util.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 73dc571b6b..a2354325d1 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -647,7 +647,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "execveat\0" "fork\0" "getrusage\0" - "gettid\0" "kill\0" "prctl\0" "rt_sigqueueinfo\0" |
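Review bot: dropping "gettid\0" from this set in the hunk at line 647 of src/shared/seccomp-util.c changes the effective filter for every unit that references '@process', yet the diffstat shows only this one file touched, so no documentation or NEWS entry accompanies the change. Suggest recording it where users will see it: a unit that denies '@process' and relied on that to block gettid must now list gettid explicitly, as the commit message itself points out. The message also states that gettid is already in '@default'; that entry lies outside the visible context, so it is worth confirming before merge, because a unit that allow-lists '@process' would otherwise lose access to gettid.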