github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap-confine/README.syscalls

To get all the syscalls, grab all the linux-libc-dev packages for all the
architectures (eg, amd64, arm64, armhf, i386, powerpc, ppc64el) and put then
in a directory. Then:

mkdir extracted
for i in ./*deb ; do
    dpkg-deb -x $i ./extracted
done

for i in `find . -name "unistd*.h"|grep gnu` ; do egrep '^#define .*_NR_([a-z0-9_\-]*)' $i | awk '{print $2}' | sed 's/.*_NR_//' ; done|sort -u

NOTE: syscall() isn't actually a syscall, it is a glibc wrapping to reference
a syscall by number (therefore, it should be omitted from filter policy). ARM
OABI did define this, but it has been obsoleted in EABI.

For example, on Ubuntu 16.04 with the 4.4.0-16.32 Linux kernel, these are the
syscalls:
accept
accept4
access
acct
add_key
adjtimex
afs_syscall
alarm
arch_prctl
arm_fadvise64_64
arm_sync_file_range
bdflush
bind
bpf
break
breakpoint
brk
cacheflush
capget
capset
chdir
chmod
chown
chown32
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
clone
close
connect
creat
create_module
delete_module
dup
dup2
dup3
epoll_create
epoll_create1
epoll_ctl
epoll_ctl_old
epoll_pwait
epoll_wait
epoll_wait_old
eventfd
eventfd2
execve
execveat
exit
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchown32
fchownat
fcntl
fcntl64
fdatasync
fgetxattr
finit_module
flistxattr
flock
fork
fremovexattr
fsetxattr
fstat
fstat64
fstatat64
fstatfs
fstatfs64
fsync
ftime
ftruncate
ftruncate64
futex
futimesat
getcpu
getcwd
getdents
getdents64
getegid
getegid32
geteuid
geteuid32
getgid
getgid32
getgroups
getgroups32
getitimer
get_kernel_syms
get_mempolicy
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresgid32
getresuid
getresuid32
getrlimit
get_robust_list
getrusage
getsid
getsockname
getsockopt
get_thread_area
gettid
gettimeofday
getuid
getuid32
getxattr
gtty
idle
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
ioctl
io_destroy
io_getevents
ioperm
iopl
ioprio_get
ioprio_set
io_setup
io_submit
ipc
kcmp
kexec_file_load
kexec_load
keyctl
kill
lchown
lchown32
lgetxattr
link
linkat
listen
listxattr
llistxattr
_llseek
lock
lookup_dcookie
lremovexattr
lseek
lsetxattr
lstat
lstat64
madvise
mbind
membarrier
memfd_create
migrate_pages
mincore
mkdir
mkdirat
mknod
mknodat
mlock
mlock2
mlockall
mmap
mmap2
modify_ldt
mount
move_pages
mprotect
mpx
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
msync
multiplexer
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newfstatat
_newselect
nfsservctl
nice
oldfstat
oldlstat
oldolduname
oldstat
olduname
open
openat
open_by_handle_at
pause
pciconfig_iobase
pciconfig_read
pciconfig_write
perf_event_open
personality
pipe
pipe2
pivot_root
poll
ppoll
prctl
pread64
preadv
prlimit64
process_vm_readv
process_vm_writev
prof
profil
pselect6
ptrace
putpmsg
pwrite64
pwritev
query_module
quotactl
read
readahead
readdir
readlink
readlinkat
readv
reboot
recv
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
restart_syscall
rmdir
rtas
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
s390_pci_mmio_read
s390_pci_mmio_write
s390_runtime_instr
sched_getaffinity
sched_getattr
sched_getparam
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
security
select
semctl
semget
semop
semtimedop
send
sendfile
sendfile64
sendmmsg
sendmsg
sendto
setdomainname
setfsgid
setfsgid32
setfsuid
setfsuid32
setgid
setgid32
setgroups
setgroups32
sethostname
setitimer
set_mempolicy
setns
setpgid
setpriority
setregid
setregid32
setresgid
setresgid32
setresuid
setresuid32
setreuid
setreuid32
setrlimit
set_robust_list
setsid
setsockopt
set_thread_area
set_tid_address
settimeofday
set_tls
setuid
setuid32
setxattr
sgetmask
shmat
shmctl
shmdt
shmget
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
spu_create
spu_run
ssetmask
stat
stat64
statfs
statfs64
stime
stty
subpage_prot
swapcontext
swapoff
swapon
switch_endian
symlink
symlinkat
sync
sync_file_range
sync_file_range2
syncfs
syscall
_sysctl
sys_debug_setcontext
sysfs
sysinfo
syslog
tee
tgkill
time
timer_create
timer_delete
timerfd
timerfd_create
timerfd_gettime
timerfd_settime
timer_getoverrun
timer_gettime
timer_settime
times
tkill
truncate
truncate64
tuxcall
ugetrlimit
ulimit
umask
umount
umount2
uname
unlink
unlinkat
unshare
uselib
userfaultfd
usr26
usr32
ustat
utime
utimensat
utimes
vfork
vhangup
vm86
vm86old
vmsplice
vserver
wait4
waitid
waitpid
write
writev