Merge pull request #3012 from matt335672/update_syscall_filter

Simplify allowed system calls for xrdp
neutrinolabs · Apr 12, 2024 · 0a0a393 · 0a0a393
2 parents fe0ee0f + e0e9177
commit 0a0a393
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/instfiles/xrdp.service.in b/instfiles/xrdp.service.in
@@ -10,9 +10,7 @@ EnvironmentFile=-@sysconfdir@/sysconfig/xrdp
 EnvironmentFile=-@sysconfdir@/default/xrdp
 ExecStart=@sbindir@/xrdp $XRDP_OPTIONS --nodaemon
 SystemCallArchitectures=native
-SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @process
-SystemCallFilter=@signal @system-service ioctl madvise sysinfo uname
-SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target