Remove socketpair from the seccomp syscall filter whitelist.

socketpair() is called only before privileges are dropped, so it does not need to be in the whitelist.
2014-04-07 03:44:53 -04:00
parent 5fa2030bab
commit cab9162d8d
1 changed files with 0 additions and 3 deletions
--- a/src/seccomp.c
+++ b/src/seccomp.c
@ -50,7 +50,6 @@ int enforce_seccomp_ndhc(void)
        ALLOW_SYSCALL(sendto), // used for glibc syslog routines
        ALLOW_SYSCALL(recvmsg),
        ALLOW_SYSCALL(connect),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
        ALLOW_SYSCALL(socketcall),
 #else
@ -121,7 +120,6 @@ int enforce_seccomp_ifch(void)
        ALLOW_SYSCALL(sendto), // used for glibc syslog routines
        ALLOW_SYSCALL(recvmsg),
        ALLOW_SYSCALL(socket),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
        ALLOW_SYSCALL(socketcall),
 #else
@ -181,7 +179,6 @@ int enforce_seccomp_sockd(void)
        ALLOW_SYSCALL(socket),
        ALLOW_SYSCALL(setsockopt),
        ALLOW_SYSCALL(bind),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
        ALLOW_SYSCALL(socketcall),
        ALLOW_SYSCALL(fcntl64),