mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
9d90daff22
`@default-keep` should be used for syscalls used by Firejail itself only. We are moving some syscalls from `@default-keep` that do not meet this condition into the new group `@program-keep`. Syscalls in `@program-keep` are not forced to whitelist (we let users decide), but should never be present in `@default` and its sub-groups. Also move `execv` into `@obsolete` (sparc only, replaced by `execve`).
33 lines
279 B
Text
33 lines
279 B
Text
aio
|
|
all
|
|
basic-io
|
|
chown
|
|
clock
|
|
cpu-emulation
|
|
debug
|
|
default
|
|
default-keep
|
|
default-nodebuggers
|
|
file-system
|
|
io-event
|
|
ipc
|
|
keyring
|
|
memfd
|
|
memlock
|
|
module
|
|
mount
|
|
network-io
|
|
obsolete
|
|
privileged
|
|
process
|
|
program-keep
|
|
raw-io
|
|
reboot
|
|
resources
|
|
sandbox
|
|
setuid
|
|
signal
|
|
swap
|
|
sync
|
|
system-service
|
|
timer
|