| Victor Hsieh | dbb8670 | 2020-06-15 09:29:07 -0700 | [diff] [blame] | 1 | # This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT. |
| 2 | # Note that the resultant policy is applied only to zygote spawned processes. |
| 3 | # |
| 4 | # The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT |
| 5 | # Any entry in the blocklist must be in the syscalls file and not be in the allowlist file |
| 6 | # |
| 7 | # This file is processed by a python script named genseccomp.py. |
| 8 | |
| 9 | int swapon(const char*, int) all |
| 10 | int swapoff(const char*) all |