3 changed files with 3 additions and 30 deletions
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@ -123,7 +123,6 @@ static int seccomp_add_default_syscall_filter(
                 * @cpu-emulation
                 * @keyring           (NB: keyring is not namespaced!)
                 * @obsolete
-                 * @pkey
                 * @swap
                 *
                 * bpf                (NB: bpffs is not namespaced!)
@ -135,6 +134,9 @@ static int seccomp_add_default_syscall_filter(
                 * nfsservctl
                 * open_by_handle_at
                 * perf_event_open
+                 * pkey_alloc
+                 * pkey_free
+                 * pkey_mprotect
                 * quotactl
                 */
        };
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@ -258,16 +258,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                .help = "System calls that are always permitted",
                .value =
                "clock_getres\0"
-                "clock_getres_time64\0"
                "clock_gettime\0"
-                "clock_gettime64\0"
                "clock_nanosleep\0"
-                "clock_nanosleep_time64\0"
                "execve\0"
                "exit\0"
                "exit_group\0"
                "futex\0"
-                "futex_time64\0"
                "get_robust_list\0"
                "get_thread_area\0"
                "getegid\0"
@ -316,7 +312,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "io_destroy\0"
                "io_getevents\0"
                "io_pgetevents\0"
-                "io_pgetevents_time64\0"
                "io_setup\0"
                "io_submit\0"
                "io_uring_enter\0"
@ -362,9 +357,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                .value =
                "adjtimex\0"
                "clock_adjtime\0"
-                "clock_adjtime64\0"
                "clock_settime\0"
-                "clock_settime64\0"
                "settimeofday\0"
                "stime\0"
        },
@ -472,7 +465,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "unlinkat\0"
                "utime\0"
                "utimensat\0"
-                "utimensat_time64\0"
                "utimes\0"
        },
        [SYSCALL_FILTER_SET_IO_EVENT] = {
@ -491,9 +483,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "eventfd2\0"
                "poll\0"
                "ppoll\0"
-                "ppoll_time64\0"
                "pselect6\0"
-                "pselect6_time64\0"
                "select\0"
        },
        [SYSCALL_FILTER_SET_IPC] = {
@ -506,9 +496,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "mq_notify\0"
                "mq_open\0"
                "mq_timedreceive\0"
-                "mq_timedreceive_time64\0"
                "mq_timedsend\0"
-                "mq_timedsend_time64\0"
                "mq_unlink\0"
                "msgctl\0"
                "msgget\0"
@ -522,7 +510,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "semget\0"
                "semop\0"
                "semtimedop\0"
-                "semtimedop_time64\0"
                "shmat\0"
                "shmctl\0"
                "shmdt\0"
@ -585,7 +572,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "recv\0"
                "recvfrom\0"
                "recvmmsg\0"
-                "recvmmsg_time64\0"
                "recvmsg\0"
                "send\0"
                "sendmmsg\0"
@ -629,14 +615,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "ustat\0"
                "vserver\0"
        },
-        [SYSCALL_FILTER_SET_PKEY] = {
-                .name = "@pkey",
-                .help = "System calls used for memory protection keys",
-                .value =
-                "pkey_alloc\0"
-                "pkey_free\0"
-                "pkey_mprotect\0"
-        },
        [SYSCALL_FILTER_SET_PRIVILEGED] = {
                .name = "@privileged",
                .help = "All system calls which need super-user capabilities",
@ -769,7 +747,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "rt_sigprocmask\0"
                "rt_sigsuspend\0"
                "rt_sigtimedwait\0"
-                "rt_sigtimedwait_time64\0"
                "sigaction\0"
                "sigaltstack\0"
                "signal\0"
@ -849,7 +826,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "sched_getparam\0"
                "sched_getscheduler\0"
                "sched_rr_get_interval\0"
-                "sched_rr_get_interval_time64\0"
                "sched_yield\0"
                "sendfile\0"
                "sendfile64\0"
@ -878,14 +854,10 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                "timer_delete\0"
                "timer_getoverrun\0"
                "timer_gettime\0"
-                "timer_gettime64\0"
                "timer_settime\0"
-                "timer_settime64\0"
                "timerfd_create\0"
                "timerfd_gettime\0"
-                "timerfd_gettime64\0"
                "timerfd_settime\0"
-                "timerfd_settime64\0"
                "times\0"
        },
 };
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@ -38,7 +38,6 @@ enum {
        SYSCALL_FILTER_SET_MOUNT,
        SYSCALL_FILTER_SET_NETWORK_IO,
        SYSCALL_FILTER_SET_OBSOLETE,
-        SYSCALL_FILTER_SET_PKEY,
        SYSCALL_FILTER_SET_PRIVILEGED,
        SYSCALL_FILTER_SET_PROCESS,
        SYSCALL_FILTER_SET_RAW_IO,