github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/tools/hack/runtime_default_profile.json (about) 1 { 2 "defaultAction": "SCMP_ACT_ERRNO", 3 "architectures": [ 4 "SCMP_ARCH_X86_64", 5 "SCMP_ARCH_X86", 6 "SCMP_ARCH_X32" 7 ], 8 "syscalls": [ 9 { 10 "names": [ 11 "accept", 12 "accept4", 13 "access", 14 "adjtimex", 15 "alarm", 16 "bind", 17 "brk", 18 "capget", 19 "capset", 20 "chdir", 21 "chmod", 22 "chown", 23 "chown32", 24 "clock_adjtime", 25 "clock_adjtime64", 26 "clock_getres", 27 "clock_getres_time64", 28 "clock_gettime", 29 "clock_gettime64", 30 "clock_nanosleep", 31 "clock_nanosleep_time64", 32 "close", 33 "close_range", 34 "connect", 35 "copy_file_range", 36 "creat", 37 "dup", 38 "dup2", 39 "dup3", 40 "epoll_create", 41 "epoll_create1", 42 "epoll_ctl", 43 "epoll_ctl_old", 44 "epoll_pwait", 45 "epoll_pwait2", 46 "epoll_wait", 47 "epoll_wait_old", 48 "eventfd", 49 "eventfd2", 50 "execve", 51 "execveat", 52 "exit", 53 "exit_group", 54 "faccessat", 55 "faccessat2", 56 "fadvise64", 57 "fadvise64_64", 58 "fallocate", 59 "fanotify_mark", 60 "fchdir", 61 "fchmod", 62 "fchmodat", 63 "fchown", 64 "fchown32", 65 "fchownat", 66 "fcntl", 67 "fcntl64", 68 "fdatasync", 69 "fgetxattr", 70 "flistxattr", 71 "flock", 72 "fork", 73 "fremovexattr", 74 "fsetxattr", 75 "fstat", 76 "fstat64", 77 "fstatat64", 78 "fstatfs", 79 "fstatfs64", 80 "fsync", 81 "ftruncate", 82 "ftruncate64", 83 "futex", 84 "futex_time64", 85 "futex_waitv", 86 "futimesat", 87 "getcpu", 88 "getcwd", 89 "getdents", 90 "getdents64", 91 "getegid", 92 "getegid32", 93 "geteuid", 94 "geteuid32", 95 "getgid", 96 "getgid32", 97 "getgroups", 98 "getgroups32", 99 "getitimer", 100 "getpeername", 101 "getpgid", 102 "getpgrp", 103 "getpid", 104 "getppid", 105 "getpriority", 106 "getrandom", 107 "getresgid", 108 "getresgid32", 109 "getresuid", 110 "getresuid32", 111 "getrlimit", 112 "get_robust_list", 113 "getrusage", 114 "getsid", 115 "getsockname", 116 "getsockopt", 117 "get_thread_area", 118 "gettid", 119 "gettimeofday", 120 "getuid", 121 "getuid32", 122 "getxattr", 123 "inotify_add_watch", 124 "inotify_init", 125 "inotify_init1", 126 "inotify_rm_watch", 127 "io_cancel", 128 "ioctl", 129 "io_destroy", 130 "io_getevents", 131 "io_pgetevents", 132 "io_pgetevents_time64", 133 "ioprio_get", 134 "ioprio_set", 135 "io_setup", 136 "io_submit", 137 "io_uring_enter", 138 "io_uring_register", 139 "io_uring_setup", 140 "ipc", 141 "kill", 142 "landlock_add_rule", 143 "landlock_create_ruleset", 144 "landlock_restrict_self", 145 "lchown", 146 "lchown32", 147 "lgetxattr", 148 "link", 149 "linkat", 150 "listen", 151 "listxattr", 152 "llistxattr", 153 "_llseek", 154 "lremovexattr", 155 "lseek", 156 "lsetxattr", 157 "lstat", 158 "lstat64", 159 "madvise", 160 "membarrier", 161 "memfd_create", 162 "memfd_secret", 163 "mincore", 164 "mkdir", 165 "mkdirat", 166 "mknod", 167 "mknodat", 168 "mlock", 169 "mlock2", 170 "mlockall", 171 "mmap", 172 "mmap2", 173 "mprotect", 174 "mq_getsetattr", 175 "mq_notify", 176 "mq_open", 177 "mq_timedreceive", 178 "mq_timedreceive_time64", 179 "mq_timedsend", 180 "mq_timedsend_time64", 181 "mq_unlink", 182 "mremap", 183 "msgctl", 184 "msgget", 185 "msgrcv", 186 "msgsnd", 187 "msync", 188 "munlock", 189 "munlockall", 190 "munmap", 191 "name_to_handle_at", 192 "nanosleep", 193 "newfstatat", 194 "_newselect", 195 "open", 196 "openat", 197 "openat2", 198 "pause", 199 "pidfd_open", 200 "pidfd_send_signal", 201 "pipe", 202 "pipe2", 203 "pkey_alloc", 204 "pkey_free", 205 "pkey_mprotect", 206 "poll", 207 "ppoll", 208 "ppoll_time64", 209 "prctl", 210 "pread64", 211 "preadv", 212 "preadv2", 213 "prlimit64", 214 "process_mrelease", 215 "pselect6", 216 "pselect6_time64", 217 "pwrite64", 218 "pwritev", 219 "pwritev2", 220 "read", 221 "readahead", 222 "readlink", 223 "readlinkat", 224 "readv", 225 "recv", 226 "recvfrom", 227 "recvmmsg", 228 "recvmmsg_time64", 229 "recvmsg", 230 "remap_file_pages", 231 "removexattr", 232 "rename", 233 "renameat", 234 "renameat2", 235 "restart_syscall", 236 "rmdir", 237 "rseq", 238 "rt_sigaction", 239 "rt_sigpending", 240 "rt_sigprocmask", 241 "rt_sigqueueinfo", 242 "rt_sigreturn", 243 "rt_sigsuspend", 244 "rt_sigtimedwait", 245 "rt_sigtimedwait_time64", 246 "rt_tgsigqueueinfo", 247 "sched_getaffinity", 248 "sched_getattr", 249 "sched_getparam", 250 "sched_get_priority_max", 251 "sched_get_priority_min", 252 "sched_getscheduler", 253 "sched_rr_get_interval", 254 "sched_rr_get_interval_time64", 255 "sched_setaffinity", 256 "sched_setattr", 257 "sched_setparam", 258 "sched_setscheduler", 259 "sched_yield", 260 "seccomp", 261 "select", 262 "semctl", 263 "semget", 264 "semop", 265 "semtimedop", 266 "semtimedop_time64", 267 "send", 268 "sendfile", 269 "sendfile64", 270 "sendmmsg", 271 "sendmsg", 272 "sendto", 273 "setfsgid", 274 "setfsgid32", 275 "setfsuid", 276 "setfsuid32", 277 "setgid", 278 "setgid32", 279 "setgroups", 280 "setgroups32", 281 "setitimer", 282 "setpgid", 283 "setpriority", 284 "setregid", 285 "setregid32", 286 "setresgid", 287 "setresgid32", 288 "setresuid", 289 "setresuid32", 290 "setreuid", 291 "setreuid32", 292 "setrlimit", 293 "set_robust_list", 294 "setsid", 295 "setsockopt", 296 "set_thread_area", 297 "set_tid_address", 298 "setuid", 299 "setuid32", 300 "setxattr", 301 "shmat", 302 "shmctl", 303 "shmdt", 304 "shmget", 305 "shutdown", 306 "sigaltstack", 307 "signalfd", 308 "signalfd4", 309 "sigprocmask", 310 "sigreturn", 311 "socketcall", 312 "socketpair", 313 "splice", 314 "stat", 315 "stat64", 316 "statfs", 317 "statfs64", 318 "statx", 319 "symlink", 320 "symlinkat", 321 "sync", 322 "sync_file_range", 323 "syncfs", 324 "sysinfo", 325 "tee", 326 "tgkill", 327 "time", 328 "timer_create", 329 "timer_delete", 330 "timer_getoverrun", 331 "timer_gettime", 332 "timer_gettime64", 333 "timer_settime", 334 "timer_settime64", 335 "timerfd_create", 336 "timerfd_gettime", 337 "timerfd_gettime64", 338 "timerfd_settime", 339 "timerfd_settime64", 340 "times", 341 "tkill", 342 "truncate", 343 "truncate64", 344 "ugetrlimit", 345 "umask", 346 "uname", 347 "unlink", 348 "unlinkat", 349 "utime", 350 "utimensat", 351 "utimensat_time64", 352 "utimes", 353 "vfork", 354 "vmsplice", 355 "wait4", 356 "waitid", 357 "waitpid", 358 "write", 359 "writev" 360 ], 361 "action": "SCMP_ACT_ALLOW" 362 }, 363 { 364 "names": [ 365 "socket" 366 ], 367 "action": "SCMP_ACT_ALLOW", 368 "args": [ 369 { 370 "index": 0, 371 "value": 40, 372 "op": "SCMP_CMP_NE" 373 } 374 ] 375 }, 376 { 377 "names": [ 378 "personality" 379 ], 380 "action": "SCMP_ACT_ALLOW", 381 "args": [ 382 { 383 "index": 0, 384 "value": 0, 385 "op": "SCMP_CMP_EQ" 386 } 387 ] 388 }, 389 { 390 "names": [ 391 "personality" 392 ], 393 "action": "SCMP_ACT_ALLOW", 394 "args": [ 395 { 396 "index": 0, 397 "value": 8, 398 "op": "SCMP_CMP_EQ" 399 } 400 ] 401 }, 402 { 403 "names": [ 404 "personality" 405 ], 406 "action": "SCMP_ACT_ALLOW", 407 "args": [ 408 { 409 "index": 0, 410 "value": 131072, 411 "op": "SCMP_CMP_EQ" 412 } 413 ] 414 }, 415 { 416 "names": [ 417 "personality" 418 ], 419 "action": "SCMP_ACT_ALLOW", 420 "args": [ 421 { 422 "index": 0, 423 "value": 131080, 424 "op": "SCMP_CMP_EQ" 425 } 426 ] 427 }, 428 { 429 "names": [ 430 "personality" 431 ], 432 "action": "SCMP_ACT_ALLOW", 433 "args": [ 434 { 435 "index": 0, 436 "value": 4294967295, 437 "op": "SCMP_CMP_EQ" 438 } 439 ] 440 }, 441 { 442 "names": [ 443 "process_vm_readv", 444 "process_vm_writev", 445 "ptrace" 446 ], 447 "action": "SCMP_ACT_ALLOW" 448 }, 449 { 450 "names": [ 451 "arch_prctl", 452 "modify_ldt" 453 ], 454 "action": "SCMP_ACT_ALLOW" 455 }, 456 { 457 "names": [ 458 "chroot" 459 ], 460 "action": "SCMP_ACT_ALLOW" 461 }, 462 { 463 "names": [ 464 "clone" 465 ], 466 "action": "SCMP_ACT_ALLOW", 467 "args": [ 468 { 469 "index": 0, 470 "value": 2114060288, 471 "op": "SCMP_CMP_MASKED_EQ" 472 } 473 ] 474 }, 475 { 476 "names": [ 477 "clone3" 478 ], 479 "action": "SCMP_ACT_ERRNO", 480 "errnoRet": 38 481 } 482 ] 483 }