|
@@ -513,14 +513,14 @@ static void seccomp_send_sigsys(int syscall, int reason)
|
|
|
* To be fully secure this must be combined with rlimit
|
|
|
* to limit the stack allocations too.
|
|
|
*/
|
|
|
-static int mode1_syscalls[] = {
|
|
|
+static const int mode1_syscalls[] = {
|
|
|
__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
|
|
|
0, /* null terminated */
|
|
|
};
|
|
|
|
|
|
static void __secure_computing_strict(int this_syscall)
|
|
|
{
|
|
|
- int *syscall_whitelist = mode1_syscalls;
|
|
|
+ const int *syscall_whitelist = mode1_syscalls;
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
if (in_compat_syscall())
|
|
|
syscall_whitelist = get_compat_mode1_syscalls();
|