[PR #7024] [MERGED] modif: reorganize & update syscall groups (syscall.c) - part 1 #6280

New issue

Closed

opened 2026-05-05 10:54:02 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:54:02 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/7024
Author: @pierretom
Created: 1/10/2026
Status: ✅ Merged
Merged: 1/10/2026
Merged by: @netblue30

Base: master ← Head: patch9

📝 Commits (1)

d3b096b update system call groups - part 1

📊 Changes

1 file changed (+27 additions, -38 deletions)

View changed files

📝 src/lib/syscall.c (+27 -38)

📄 Description

Remove ni_syscall, it's an invalid system call
Remove execveat and prctl from @process, as it's present in @default-keep and always whitelisted
Move @default-keep group before @default-nodebuggers, to keep the alphabetical order
Move execve before execveat, to keep the alphabetical order
Move arch_prctl from @process to @default-keep, it breaks glibc
Move mmap and mmap2 from @file-system to @default-keep, they break loading of shared libraries
Move mprotect from @system-service to @default-keep, it breaks loading of shared libraries
Move epoll_ctl_old and epoll_wait_old from @io-event to @obsolete
Move getrusage from @process to @resources
Allow to define mincore in @resources

Relates to:

#7000

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/7024 **Author:** [@pierretom](https://github.com/pierretom) **Created:** 1/10/2026 **Status:** ✅ Merged **Merged:** 1/10/2026 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `patch9` --- ### 📝 Commits (1) - [`d3b096b`](https://github.com/netblue30/firejail/commit/d3b096b112502ba260fb572d36e39546faeefa78) update system call groups - part 1 ### 📊 Changes **1 file changed** (+27 additions, -38 deletions) <details> <summary>View changed files</summary> 📝 `src/lib/syscall.c` (+27 -38) </details> ### 📄 Description - Remove `ni_syscall`, it's an invalid system call - Remove `execveat` and `prctl` from `@process`, as it's present in `@default-keep` and always whitelisted - Move `@default-keep` group before `@default-nodebuggers`, to keep the alphabetical order - Move `execve` before `execveat`, to keep the alphabetical order - Move `arch_prctl` from `@process` to `@default-keep`, it breaks glibc - Move `mmap` and `mmap2` from `@file-system` to `@default-keep`, they break loading of shared libraries - Move `mprotect` from `@system-service` to `@default-keep`, it breaks loading of shared libraries - Move `epoll_ctl_old` and `epoll_wait_old` from `@io-event` to `@obsolete` - Move `getrusage` from `@process` to `@resources` - Allow to define `mincore` in `@resources` Relates to: * #7000 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:54:02 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6280

No description provided.

Rows
Columns