Remove gui-only syscalls

MarcoFalke · MarcoFalke · commit fabdf9f870a4 · 2022-04-05T13:30:06.000+02:00
* Revert "util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem)" This reverts commit f05a4cd. * Revert "util: add linkat to syscall sandbox (AllowFileSystem)" This reverts commit 9809db3.
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
@@ -592,8 +592,6 @@ class SeccompPolicyBuilder
         allowed_syscalls.insert(__NR_getcwd);          // get current working directory
         allowed_syscalls.insert(__NR_getdents);        // get directory entries
         allowed_syscalls.insert(__NR_getdents64);      // get directory entries
-        allowed_syscalls.insert(__NR_inotify_rm_watch);// remove an existing watch from an inotify instance
-        allowed_syscalls.insert(__NR_linkat);          // create relative to a directory file descriptor
         allowed_syscalls.insert(__NR_lstat);           // get file status
         allowed_syscalls.insert(__NR_mkdir);           // create a directory
         allowed_syscalls.insert(__NR_newfstatat);      // get file status
