// Listing of daemon/execdriver/native/seccomp_default.go from
// github.com/endocode/docker@v1.4.2-0.20160113120958-46eb4700391e.

// +build linux,seccomp

package native

import (
	"syscall"

	"github.com/opencontainers/runc/libcontainer/configs"
	libseccomp "github.com/seccomp/libseccomp-golang"
)

// arches returns the architecture names used for the Architectures field of
// defaultSeccompProfile. It asks libseccomp for the native architecture and,
// for the 64-bit names handled in the switch, returns that name together with
// its related ABIs; any other name is returned on its own.
//
// NOTE(review): the companion ABIs are presumably listed so that binaries
// built for them are filtered by the same rules on a 64-bit host. "x32" is
// not added for amd64. Confirm both points are intended.
func arches() []string {
	var native, err = libseccomp.GetNativeArch()
	if err != nil {
		// The lookup error is dropped and an empty, non-nil slice is returned.
		// NOTE(review): what libcontainer does with an empty Architectures
		// list is not visible in this file. Confirm the filter still covers
		// the native architecture in that case.
		return []string{}
	}
	var a = native.String()
	switch a {
	case "amd64":
		return []string{"amd64", "x86"}
	case "arm64":
		return []string{"arm64", "arm"}
	case "mips64":
		return []string{"mips64", "mips64n32", "mips"}
	case "mips64n32":
		// Same list as the "mips64" case.
		return []string{"mips64", "mips64n32", "mips"}
	case "mipsel64":
		return []string{"mipsel64", "mipsel64n32", "mipsel"}
	case "mipsel64n32":
		// Same list as the "mipsel64" case.
		return []string{"mipsel64", "mipsel64n32", "mipsel"}
	default:
		return []string{a}
	}
}

// defaultSeccompProfile is the seccomp configuration built by this file. It is
// written as an allowlist: DefaultAction is configs.Errno and every entry in
// Syscalls has Action configs.Allow, so a call that has no entry here (the
// list contains no mount, unshare, setns or ptrace, for example) falls to the
// default action instead of being allowed.
//
// All entries except clone have an empty Args slice, meaning no argument
// conditions are attached to them. NOTE(review): that includes privileged
// operations such as capset, chroot, mknod, sethostname, setdomainname,
// syslog and vhangup, plus unfiltered ioctl and prctl; presumably these are
// meant to be constrained by the container's capability set rather than by
// seccomp. Confirm before relying on this profile alone.
//
// Architectures is filled by calling arches() when this package-level
// variable is initialized.
var defaultSeccompProfile = &configs.Seccomp{
	DefaultAction: configs.Errno,
	Architectures: arches(),
	Syscalls: []*configs.Syscall{
		{
			Name:   "accept",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "accept4",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "access",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "alarm",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "arch_prctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "bind",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "brk",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "capget",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "capset",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "chdir",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "chmod",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "chown",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "chown32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "chroot",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "clock_getres",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "clock_gettime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "clock_nanosleep",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		// clone is the only entry with an argument condition: argument 0 is
		// tested against the OR of six CLONE_NEW* namespace flags with
		// ValueTwo 0 and Op MaskEqualTo.
		// NOTE(review): presumably evaluated as (arg0 & Value) == ValueTwo, so
		// clone is allowed only when none of these namespace flags is set.
		// Confirm against libcontainer's translation of configs.Arg.
		{
			Name:   "clone",
			Action: configs.Allow,
			Args: []*configs.Arg{
				{
					Index:    0,
					Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
					ValueTwo: 0,
					Op:       configs.MaskEqualTo,
				},
			},
		},
		{
			Name:   "close",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "connect",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "creat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "dup",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "dup2",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "dup3",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_create",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_create1",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_ctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_ctl_old",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_pwait",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_wait",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "epoll_wait_old",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "eventfd",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "eventfd2",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "execve",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "execveat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "exit",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "exit_group",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "faccessat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fadvise64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fadvise64_64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fallocate",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fanotify_init",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fanotify_mark",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchdir",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchmod",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchmodat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchown",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchown32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fchownat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fcntl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fcntl64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fdatasync",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fgetxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "flistxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "flock",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fork",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fremovexattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fsetxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fstat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fstat64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fstatat64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fstatfs",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fstatfs64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "fsync",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ftruncate",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ftruncate64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "futex",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "futimesat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getcpu",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getcwd",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getdents",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getdents64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getegid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getegid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "geteuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "geteuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getgid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getgroups",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getgroups32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getitimer",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getpeername",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getpgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getpgrp",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getpid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getppid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getpriority",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getrandom",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getresgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getresgid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getresuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getresuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getrlimit",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "get_robust_list",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getrusage",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getsid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getsockname",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getsockopt",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "get_thread_area",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "gettid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "gettimeofday",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "getxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "inotify_add_watch",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "inotify_init",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "inotify_init1",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "inotify_rm_watch",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "io_cancel",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ioctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "io_destroy",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "io_getevents",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ioprio_get",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ioprio_set",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "io_setup",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "io_submit",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "kill",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lchown",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lchown32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lgetxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "link",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "linkat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "listen",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "listxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "llistxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "_llseek",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lremovexattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lseek",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lsetxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lstat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "lstat64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "madvise",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "memfd_create",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mincore",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mkdir",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mkdirat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mknod",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mknodat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mlock",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mlockall",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mmap",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mmap2",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mprotect",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_getsetattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_notify",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_open",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_timedreceive",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_timedsend",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mq_unlink",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "mremap",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "msgctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "msgget",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "msgrcv",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "msgsnd",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "msync",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "munlock",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "munlockall",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "munmap",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "nanosleep",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "newfstatat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "_newselect",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "open",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "openat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pause",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pipe",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pipe2",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "poll",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ppoll",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "prctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pread64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "preadv",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "prlimit64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pselect6",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pwrite64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "pwritev",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "read",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "readahead",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "readlink",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "readlinkat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "readv",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "recvfrom",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "recvmmsg",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "recvmsg",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "remap_file_pages",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "removexattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rename",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "renameat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "renameat2",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rmdir",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigaction",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigpending",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigprocmask",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigqueueinfo",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigreturn",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigsuspend",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_sigtimedwait",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "rt_tgsigqueueinfo",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_getaffinity",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_getattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_getparam",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_get_priority_max",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_get_priority_min",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_getscheduler",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_rr_get_interval",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_setaffinity",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_setattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_setparam",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_setscheduler",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sched_yield",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "seccomp",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "select",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "semctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "semget",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "semop",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "semtimedop",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sendfile",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sendfile64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sendmmsg",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sendmsg",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sendto",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setdomainname",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setfsgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setfsgid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setfsuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setfsuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setgid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setgroups",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setgroups32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sethostname",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setitimer",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setpgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setpriority",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setregid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setregid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setresgid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setresgid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setresuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setresuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setreuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setreuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setrlimit",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "set_robust_list",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setsid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setsockopt",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "set_thread_area",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "set_tid_address",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setuid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setuid32",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "setxattr",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "shmat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "shmctl",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "shmdt",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "shmget",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "shutdown",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sigaltstack",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "signalfd",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "signalfd4",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sigreturn",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "socket",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "socketpair",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "splice",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "stat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "stat64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "statfs",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "statfs64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "symlink",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "symlinkat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sync",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sync_file_range",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "syncfs",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "sysinfo",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "syslog",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "tee",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "tgkill",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "time",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timer_create",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timer_delete",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timerfd_create",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timerfd_gettime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timerfd_settime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timer_getoverrun",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timer_gettime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "timer_settime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "times",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "tkill",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "truncate",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "truncate64",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "ugetrlimit",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "umask",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "uname",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "unlink",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "unlinkat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "utime",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "utimensat",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "utimes",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "vfork",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "vhangup",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "vmsplice",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "wait4",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "waitid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "waitpid",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "write",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "writev",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		// i386 specific syscalls
		{
			Name:   "modify_ldt",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		// arm specific syscalls
		{
			Name:   "breakpoint",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "cacheflush",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
		{
			Name:   "set_tls",
			Action: configs.Allow,
			Args:   []*configs.Arg{},
		},
	},
}