Merge pull request #7024 from pierretom/patch9

update system call groups - part 1
2026-05-15 14:16:14 -06:00 · 2026-01-10 09:42:44 -05:00 · 2026-01-10 09:42:44 -05:00 · 0cae959da5
commit 0cae959da5
parent 0ddf56a318 d3b096b112
1 changed files with 27 additions and 38 deletions
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@ -319,9 +319,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_ioprio_set
 	  "ioprio_set,"
 #endif
-#ifdef SYS_ni_syscall
-	  "ni_syscall,"
-#endif
 #ifdef SYS_syslog
 	  "syslog,"
 #endif
@ -391,9 +388,21 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_vhangup
 	  "vhangup"
 #endif
-//#ifdef SYS_mincore	// 0.9.57 - problem fixed in Linux kernel 5.0; on 4.x it will break kodi, mpv, totem
-//	  "mincore"
-//#endif
+	},
+	{ .name = "@default-keep", .list =
+#ifdef SYS_arch_prctl
+	  "arch_prctl," // breaks glibc, i386 and x86_64 only
+#endif
+	  "execve,"
+	  "execveat," // commonly used by fexecve
+#ifdef SYS_mmap
+	  "mmap," // cannot load shared libraries
+#endif
+#ifdef SYS_mmap2
+	  "mmap2,"
+#endif
+	  "mprotect," // cannot load shared libraries
+	  "prctl"
 	},
 	{ .name = "@default-nodebuggers", .list =
 	  "@default,"
@ -407,11 +416,6 @@ static const SyscallGroupList sysgroups[] = {
 	  "process_vm_readv"
 #endif
 	},
-	{ .name = "@default-keep", .list =
-	  "execveat," // commonly used by fexecve
-	  "execve,"
-	  "prctl"
-	},
 	{ .name = "@file-system", .list =
 #ifdef SYS_access
 	  "access,"
@ -554,12 +558,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_mknodat
 	  "mknodat,"
 #endif
-#ifdef SYS_mmap
-	  "mmap,"
-#endif
-#ifdef SYS_mmap2
-	  "mmap2,"
-#endif
 #ifdef SYS_munmap
 	  "munmap,"
 #endif
@ -664,18 +662,12 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_epoll_ctl
 	  "epoll_ctl,"
 #endif
-#ifdef SYS_epoll_ctl_old
-	  "epoll_ctl_old,"
-#endif
 #ifdef SYS_epoll_pwait
 	  "epoll_pwait,"
 #endif
 #ifdef SYS_epoll_wait
 	  "epoll_wait,"
 #endif
-#ifdef SYS_epoll_wait_old
-	  "epoll_wait_old,"
-#endif
 #ifdef SYS_eventfd
 	  "eventfd,"
 #endif
@ -927,6 +919,12 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_create_module
 	  "create_module,"
 #endif
+#ifdef SYS_epoll_ctl_old
+	  "epoll_ctl_old,"
+#endif
+#ifdef SYS_epoll_wait_old
+	  "epoll_wait_old,"
+#endif
 #ifdef SYS_ftime
 	  "ftime,"
 #endif
@ -1078,9 +1076,6 @@ static const SyscallGroupList sysgroups[] = {
 #endif
 	},
 	{ .name = "@process", .list =
-#ifdef SYS_arch_prctl
-	  "arch_prctl,"
-#endif
 #ifdef SYS_capget
 	  "capget,"
 #endif
@ -1090,15 +1085,9 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_clone3
 	  "clone3,"
 #endif
-#ifdef SYS_execveat
-	  "execveat,"
-#endif
 #ifdef SYS_fork
 	  "fork,"
 #endif
-#ifdef SYS_getrusage
-	  "getrusage,"
-#endif
 #ifdef SYS_kill
 	  "kill,"
 #endif
@ -1108,9 +1097,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_pidfd_send_signal
 	  "pidfd_send_signal,"
 #endif
-#ifdef SYS_prctl
-	  "prctl,"
-#endif
 #ifdef SYS_rt_sigqueueinfo
 	  "rt_sigqueueinfo,"
 #endif
@ -1186,6 +1172,9 @@ static const SyscallGroupList sysgroups[] = {
 #endif
 	},
 	{ .name = "@resources", .list =
+#ifdef SYS_getrusage
+	  "getrusage,"
+#endif
 #ifdef SYS_ioprio_set
 	  "ioprio_set,"
 #endif
@ -1195,6 +1184,9 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_migrate_pages
 	  "migrate_pages,"
 #endif
+#ifdef SYS_mincore
+	  "mincore,"
+#endif
 #ifdef SYS_move_pages
 	  "move_pages,"
 #endif
@ -1395,9 +1387,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_madvise
 	  "madvise,"
 #endif
-#ifdef SYS_mprotect
-	  "mprotect,"
-#endif
 #ifdef SYS_mremap
 	  "mremap,"
 #endif