// +build linux,seccomp

package seccomp

import (
	"syscall"

	"github.com/docker/engine-api/types"
	libseccomp "github.com/seccomp/libseccomp-golang"
)

// arches returns the architectures the default profile is declared for,
// chosen from the native architecture name that libseccomp reports.
//
// Only the 64-bit names amd64, arm64 and the four mips64 variants are
// recognised; each maps to a list that also names its sibling ABIs. Any other
// native architecture, and any failure to detect one, yields an empty list.
//
// NOTE(review): the detection error is dropped without a log line or a
// returned error, so a host where detection fails is indistinguishable from an
// unrecognised one. What the runtime does with a profile that names no
// architecture is decided outside this file; confirm that an empty list
// cannot leave a compat ABI outside the filter.
func arches() []types.Arch {
	nativeArch, err := libseccomp.GetNativeArch()
	if err != nil {
		return []types.Arch{}
	}

	switch nativeArch.String() {
	case "amd64":
		return []types.Arch{types.ArchX86_64, types.ArchX86, types.ArchX32}
	case "arm64":
		return []types.Arch{types.ArchARM, types.ArchAARCH64}
	case "mips64", "mips64n32":
		// Both big-endian MIPS64 names share one list.
		return []types.Arch{types.ArchMIPS, types.ArchMIPS64, types.ArchMIPS64N32}
	case "mipsel64", "mipsel64n32":
		// Both little-endian MIPS64 names share one list.
		return []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64, types.ArchMIPSEL64N32}
	}

	// Unrecognised native architecture: non-nil empty slice, as on error.
	return []types.Arch{}
}

// DefaultProfile defines the whitelist for the default seccomp profile.
var DefaultProfile = &types.Seccomp{
	// Default-deny: a syscall with no matching rule below gets DefaultAction,
	// so the Syscalls list is the complete allowlist.
	DefaultAction: types.ActErrno,
	Architectures: arches(),
	Syscalls: func() []*types.Syscall {
		// allowAny builds one allow rule per name, in the order given. The
		// empty (non-nil) Args slice means the rule carries no argument
		// condition: the filter permits the call for every argument value.
		allowAny := func(names ...string) []*types.Syscall {
			out := make([]*types.Syscall, 0, len(names))
			for _, name := range names {
				out = append(out, &types.Syscall{
					Name:   name,
					Action: types.ActAllow,
					Args:   []*types.Arg{},
				})
			}
			return out
		}

		var rules []*types.Syscall

		rules = append(rules, allowAny(
			"accept", "accept4", "access", "alarm", "arch_prctl", "bind", "brk",
			"capget", "capset", "chdir", "chmod", "chown", "chown32", "chroot",
			"clock_getres", "clock_gettime", "clock_nanosleep",
		)...)

		// clone is the first argument-filtered rule: argument 0 is masked
		// with the namespace-creation flags and compared with ValueTwo (0).
		// NOTE(review): presumably Value is the mask and ValueTwo the expected
		// result, so the rule matches only when no CLONE_NEW* flag listed here
		// is set; confirm against the runtime's OpMaskedEqual conversion.
		// NOTE(review): Index 0 assumes the flags are clone's first argument
		// on every architecture the profile is applied to; verify for any
		// architecture added to arches().
		// unshare and setns have no rule in this list, so they fall to
		// DefaultAction.
		rules = append(rules, &types.Syscall{
			Name:   "clone",
			Action: types.ActAllow,
			Args: []*types.Arg{
				{
					Index:    0,
					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
					ValueTwo: 0,
					Op:       types.OpMaskedEqual,
				},
			},
		})

		// NOTE(review): everything in this group is allowed for any argument,
		// including multiplexed calls such as ioctl; argument-level limits on
		// them have to come from controls outside this profile.
		rules = append(rules, allowAny(
			"close", "connect", "copy_file_range", "creat", "dup", "dup2", "dup3",
			"epoll_create", "epoll_create1", "epoll_ctl", "epoll_ctl_old",
			"epoll_pwait", "epoll_wait", "epoll_wait_old", "eventfd", "eventfd2",
			"execve", "execveat", "exit", "exit_group", "faccessat", "fadvise64",
			"fadvise64_64", "fallocate", "fanotify_init", "fanotify_mark",
			"fchdir", "fchmod", "fchmodat", "fchown", "fchown32", "fchownat",
			"fcntl", "fcntl64", "fdatasync", "fgetxattr", "flistxattr", "flock",
			"fork", "fremovexattr", "fsetxattr", "fstat", "fstat64", "fstatat64",
			"fstatfs", "fstatfs64", "fsync", "ftruncate", "ftruncate64", "futex",
			"futimesat", "getcpu", "getcwd", "getdents", "getdents64", "getegid",
			"getegid32", "geteuid", "geteuid32", "getgid", "getgid32",
			"getgroups", "getgroups32", "getitimer", "getpeername", "getpgid",
			"getpgrp", "getpid", "getppid", "getpriority", "getrandom",
			"getresgid", "getresgid32", "getresuid", "getresuid32", "getrlimit",
			"get_robust_list", "getrusage", "getsid", "getsockname", "getsockopt",
			"get_thread_area", "gettid", "gettimeofday", "getuid", "getuid32",
			"getxattr", "inotify_add_watch", "inotify_init", "inotify_init1",
			"inotify_rm_watch", "io_cancel", "ioctl", "io_destroy",
			"io_getevents", "ioprio_get", "ioprio_set", "io_setup", "io_submit",
			"ipc", "kill", "lchown", "lchown32", "lgetxattr", "link", "linkat",
			"listen", "listxattr", "llistxattr", "_llseek", "lremovexattr",
			"lseek", "lsetxattr", "lstat", "lstat64", "madvise", "memfd_create",
			"mincore", "mkdir", "mkdirat", "mknod", "mknodat", "mlock", "mlock2",
			"mlockall", "mmap", "mmap2", "mprotect", "mq_getsetattr", "mq_notify",
			"mq_open", "mq_timedreceive", "mq_timedsend", "mq_unlink", "mremap",
			"msgctl", "msgget", "msgrcv", "msgsnd", "msync", "munlock",
			"munlockall", "munmap", "nanosleep", "newfstatat", "_newselect",
			"open", "openat", "pause",
		)...)

		// personality is allowed only when argument 0 equals one of three
		// exact values; every other value falls to DefaultAction.
		// NOTE(review): 0x0, 0x0008 and 0xffffffff look like PER_LINUX,
		// PER_LINUX32 and the query-only value; confirm against the kernel
		// headers.
		rules = append(rules,
			&types.Syscall{
				Name:   "personality",
				Action: types.ActAllow,
				Args:   []*types.Arg{{Index: 0, Value: 0x0, Op: types.OpEqualTo}},
			},
			&types.Syscall{
				Name:   "personality",
				Action: types.ActAllow,
				Args:   []*types.Arg{{Index: 0, Value: 0x0008, Op: types.OpEqualTo}},
			},
			&types.Syscall{
				Name:   "personality",
				Action: types.ActAllow,
				Args:   []*types.Arg{{Index: 0, Value: 0xffffffff, Op: types.OpEqualTo}},
			},
		)

		// NOTE(review): prctl, socket and setsockopt are in this group with no
		// argument condition, so the filter does not narrow their options or
		// address families.
		rules = append(rules, allowAny(
			"pipe", "pipe2", "poll", "ppoll", "prctl", "pread64", "preadv",
			"prlimit64", "pselect6", "pwrite64", "pwritev", "read", "readahead",
			"readlink", "readlinkat", "readv", "recv", "recvfrom", "recvmmsg",
			"recvmsg", "remap_file_pages", "removexattr", "rename", "renameat",
			"renameat2", "restart_syscall", "rmdir", "rt_sigaction",
			"rt_sigpending", "rt_sigprocmask", "rt_sigqueueinfo", "rt_sigreturn",
			"rt_sigsuspend", "rt_sigtimedwait", "rt_tgsigqueueinfo",
			"sched_getaffinity", "sched_getattr", "sched_getparam",
			"sched_get_priority_max", "sched_get_priority_min",
			"sched_getscheduler", "sched_rr_get_interval", "sched_setaffinity",
			"sched_setattr", "sched_setparam", "sched_setscheduler",
			"sched_yield", "seccomp", "select", "semctl", "semget", "semop",
			"semtimedop", "send", "sendfile", "sendfile64", "sendmmsg", "sendmsg",
			"sendto", "setdomainname", "setfsgid", "setfsgid32", "setfsuid",
			"setfsuid32", "setgid", "setgid32", "setgroups", "setgroups32",
			"sethostname", "setitimer", "setpgid", "setpriority", "setregid",
			"setregid32", "setresgid", "setresgid32", "setresuid", "setresuid32",
			"setreuid", "setreuid32", "setrlimit", "set_robust_list", "setsid",
			"setsockopt", "set_thread_area", "set_tid_address", "setuid",
			"setuid32", "setxattr", "shmat", "shmctl", "shmdt", "shmget",
			"shutdown", "sigaltstack", "signalfd", "signalfd4", "sigreturn",
			"socket", "socketpair", "splice", "stat", "stat64", "statfs",
			"statfs64", "symlink", "symlinkat", "sync", "sync_file_range",
			"syncfs", "sysinfo", "syslog", "tee", "tgkill", "time",
			"timer_create", "timer_delete", "timerfd_create", "timerfd_gettime",
			"timerfd_settime", "timer_getoverrun", "timer_gettime",
			"timer_settime", "times", "tkill", "truncate", "truncate64",
			"ugetrlimit", "umask", "uname", "unlink", "unlinkat", "utime",
			"utimensat", "utimes", "vfork", "vhangup", "vmsplice", "wait4",
			"waitid", "waitpid", "write", "writev",
		)...)

		// i386 specific syscalls
		rules = append(rules, allowAny("modify_ldt")...)

		// arm specific syscalls
		rules = append(rules, allowAny("breakpoint", "cacheflush", "set_tls")...)

		return rules
	}(),
}