github.com/moby/docker@v26.1.3+incompatible/oci/fixtures/default.json (about) 1 { 2 "defaultAction": "SCMP_ACT_ERRNO", 3 "archMap": [ 4 { 5 "architecture": "SCMP_ARCH_X86_64", 6 "subArchitectures": [ 7 "SCMP_ARCH_X86", 8 "SCMP_ARCH_X32" 9 ] 10 }, 11 { 12 "architecture": "SCMP_ARCH_AARCH64", 13 "subArchitectures": [ 14 "SCMP_ARCH_ARM" 15 ] 16 }, 17 { 18 "architecture": "SCMP_ARCH_MIPS64", 19 "subArchitectures": [ 20 "SCMP_ARCH_MIPS", 21 "SCMP_ARCH_MIPS64N32" 22 ] 23 }, 24 { 25 "architecture": "SCMP_ARCH_MIPS64N32", 26 "subArchitectures": [ 27 "SCMP_ARCH_MIPS", 28 "SCMP_ARCH_MIPS64" 29 ] 30 }, 31 { 32 "architecture": "SCMP_ARCH_MIPSEL64", 33 "subArchitectures": [ 34 "SCMP_ARCH_MIPSEL", 35 "SCMP_ARCH_MIPSEL64N32" 36 ] 37 }, 38 { 39 "architecture": "SCMP_ARCH_MIPSEL64N32", 40 "subArchitectures": [ 41 "SCMP_ARCH_MIPSEL", 42 "SCMP_ARCH_MIPSEL64" 43 ] 44 }, 45 { 46 "architecture": "SCMP_ARCH_S390X", 47 "subArchitectures": [ 48 "SCMP_ARCH_S390" 49 ] 50 } 51 ], 52 "syscalls": [ 53 { 54 "names": [ 55 "accept", 56 "accept4", 57 "access", 58 "adjtimex", 59 "alarm", 60 "bind", 61 "brk", 62 "capget", 63 "capset", 64 "chdir", 65 "chmod", 66 "chown", 67 "chown32", 68 "clock_getres", 69 "clock_getres_time64", 70 "clock_gettime", 71 "clock_gettime64", 72 "clock_nanosleep", 73 "clock_nanosleep_time64", 74 "close", 75 "connect", 76 "copy_file_range", 77 "creat", 78 "dup", 79 "dup2", 80 "dup3", 81 "epoll_create", 82 "epoll_create1", 83 "epoll_ctl", 84 "epoll_ctl_old", 85 "epoll_pwait", 86 "epoll_wait", 87 "epoll_wait_old", 88 "eventfd", 89 "eventfd2", 90 "execve", 91 "execveat", 92 "exit", 93 "exit_group", 94 "faccessat", 95 "fadvise64", 96 "fadvise64_64", 97 "fallocate", 98 "fanotify_mark", 99 "fchdir", 100 "fchmod", 101 "fchmodat", 102 "fchown", 103 "fchown32", 104 "fchownat", 105 "fcntl", 106 "fcntl64", 107 "fdatasync", 108 "fgetxattr", 109 "flistxattr", 110 "flock", 111 "fork", 112 "fremovexattr", 113 "fsetxattr", 114 "fstat", 115 "fstat64", 116 "fstatat64", 117 "fstatfs", 118 "fstatfs64", 119 "fsync", 120 "ftruncate", 121 "ftruncate64", 122 "futex", 123 "futex_time64", 124 "futimesat", 125 "getcpu", 126 "getcwd", 127 "getdents", 128 "getdents64", 129 "getegid", 130 "getegid32", 131 "geteuid", 132 "geteuid32", 133 "getgid", 134 "getgid32", 135 "getgroups", 136 "getgroups32", 137 "getitimer", 138 "getpeername", 139 "getpgid", 140 "getpgrp", 141 "getpid", 142 "getppid", 143 "getpriority", 144 "getrandom", 145 "getresgid", 146 "getresgid32", 147 "getresuid", 148 "getresuid32", 149 "getrlimit", 150 "get_robust_list", 151 "getrusage", 152 "getsid", 153 "getsockname", 154 "getsockopt", 155 "get_thread_area", 156 "gettid", 157 "gettimeofday", 158 "getuid", 159 "getuid32", 160 "getxattr", 161 "inotify_add_watch", 162 "inotify_init", 163 "inotify_init1", 164 "inotify_rm_watch", 165 "io_cancel", 166 "ioctl", 167 "io_destroy", 168 "io_getevents", 169 "io_pgetevents", 170 "io_pgetevents_time64", 171 "ioprio_get", 172 "ioprio_set", 173 "io_setup", 174 "io_submit", 175 "ipc", 176 "kill", 177 "lchown", 178 "lchown32", 179 "lgetxattr", 180 "link", 181 "linkat", 182 "listen", 183 "listxattr", 184 "llistxattr", 185 "_llseek", 186 "lremovexattr", 187 "lseek", 188 "lsetxattr", 189 "lstat", 190 "lstat64", 191 "madvise", 192 "memfd_create", 193 "mincore", 194 "mkdir", 195 "mkdirat", 196 "mknod", 197 "mknodat", 198 "mlock", 199 "mlock2", 200 "mlockall", 201 "mmap", 202 "mmap2", 203 "mprotect", 204 "mq_getsetattr", 205 "mq_notify", 206 "mq_open", 207 "mq_timedreceive", 208 "mq_timedreceive_time64", 209 "mq_timedsend", 210 "mq_timedsend_time64", 211 "mq_unlink", 212 "mremap", 213 "msgctl", 214 "msgget", 215 "msgrcv", 216 "msgsnd", 217 "msync", 218 "munlock", 219 "munlockall", 220 "munmap", 221 "nanosleep", 222 "newfstatat", 223 "_newselect", 224 "open", 225 "openat", 226 "pause", 227 "pipe", 228 "pipe2", 229 "poll", 230 "ppoll", 231 "ppoll_time64", 232 "prctl", 233 "pread64", 234 "preadv", 235 "preadv2", 236 "prlimit64", 237 "pselect6", 238 "pselect6_time64", 239 "pwrite64", 240 "pwritev", 241 "pwritev2", 242 "read", 243 "readahead", 244 "readlink", 245 "readlinkat", 246 "readv", 247 "recv", 248 "recvfrom", 249 "recvmmsg", 250 "recvmmsg_time64", 251 "recvmsg", 252 "remap_file_pages", 253 "removexattr", 254 "rename", 255 "renameat", 256 "renameat2", 257 "restart_syscall", 258 "rmdir", 259 "rt_sigaction", 260 "rt_sigpending", 261 "rt_sigprocmask", 262 "rt_sigqueueinfo", 263 "rt_sigreturn", 264 "rt_sigsuspend", 265 "rt_sigtimedwait", 266 "rt_sigtimedwait_time64", 267 "rt_tgsigqueueinfo", 268 "sched_getaffinity", 269 "sched_getattr", 270 "sched_getparam", 271 "sched_get_priority_max", 272 "sched_get_priority_min", 273 "sched_getscheduler", 274 "sched_rr_get_interval", 275 "sched_rr_get_interval_time64", 276 "sched_setaffinity", 277 "sched_setattr", 278 "sched_setparam", 279 "sched_setscheduler", 280 "sched_yield", 281 "seccomp", 282 "select", 283 "semctl", 284 "semget", 285 "semop", 286 "semtimedop", 287 "semtimedop_time64", 288 "send", 289 "sendfile", 290 "sendfile64", 291 "sendmmsg", 292 "sendmsg", 293 "sendto", 294 "setfsgid", 295 "setfsgid32", 296 "setfsuid", 297 "setfsuid32", 298 "setgid", 299 "setgid32", 300 "setgroups", 301 "setgroups32", 302 "setitimer", 303 "setpgid", 304 "setpriority", 305 "setregid", 306 "setregid32", 307 "setresgid", 308 "setresgid32", 309 "setresuid", 310 "setresuid32", 311 "setreuid", 312 "setreuid32", 313 "setrlimit", 314 "set_robust_list", 315 "setsid", 316 "setsockopt", 317 "set_thread_area", 318 "set_tid_address", 319 "setuid", 320 "setuid32", 321 "setxattr", 322 "shmat", 323 "shmctl", 324 "shmdt", 325 "shmget", 326 "shutdown", 327 "sigaltstack", 328 "signalfd", 329 "signalfd4", 330 "sigprocmask", 331 "sigreturn", 332 "socket", 333 "socketcall", 334 "socketpair", 335 "splice", 336 "stat", 337 "stat64", 338 "statfs", 339 "statfs64", 340 "statx", 341 "symlink", 342 "symlinkat", 343 "sync", 344 "sync_file_range", 345 "syncfs", 346 "sysinfo", 347 "tee", 348 "tgkill", 349 "time", 350 "timer_create", 351 "timer_delete", 352 "timer_getoverrun", 353 "timer_gettime", 354 "timer_gettime64", 355 "timer_settime", 356 "timer_settime64", 357 "timerfd_create", 358 "timerfd_gettime", 359 "timerfd_gettime64", 360 "timerfd_settime", 361 "timerfd_settime64", 362 "times", 363 "tkill", 364 "truncate", 365 "truncate64", 366 "ugetrlimit", 367 "umask", 368 "uname", 369 "unlink", 370 "unlinkat", 371 "utime", 372 "utimensat", 373 "utimensat_time64", 374 "utimes", 375 "vfork", 376 "vmsplice", 377 "wait4", 378 "waitid", 379 "waitpid", 380 "write", 381 "writev" 382 ], 383 "action": "SCMP_ACT_ALLOW", 384 "args": [], 385 "comment": "", 386 "includes": {}, 387 "excludes": {} 388 }, 389 { 390 "names": [ 391 "ptrace" 392 ], 393 "action": "SCMP_ACT_ALLOW", 394 "args": null, 395 "comment": "", 396 "includes": { 397 "minKernel": "4.8" 398 }, 399 "excludes": {} 400 }, 401 { 402 "names": [ 403 "personality" 404 ], 405 "action": "SCMP_ACT_ALLOW", 406 "args": [ 407 { 408 "index": 0, 409 "value": 0, 410 "valueTwo": 0, 411 "op": "SCMP_CMP_EQ" 412 } 413 ], 414 "comment": "", 415 "includes": {}, 416 "excludes": {} 417 }, 418 { 419 "names": [ 420 "personality" 421 ], 422 "action": "SCMP_ACT_ALLOW", 423 "args": [ 424 { 425 "index": 0, 426 "value": 8, 427 "valueTwo": 0, 428 "op": "SCMP_CMP_EQ" 429 } 430 ], 431 "comment": "", 432 "includes": {}, 433 "excludes": {} 434 }, 435 { 436 "names": [ 437 "personality" 438 ], 439 "action": "SCMP_ACT_ALLOW", 440 "args": [ 441 { 442 "index": 0, 443 "value": 131072, 444 "valueTwo": 0, 445 "op": "SCMP_CMP_EQ" 446 } 447 ], 448 "comment": "", 449 "includes": {}, 450 "excludes": {} 451 }, 452 { 453 "names": [ 454 "personality" 455 ], 456 "action": "SCMP_ACT_ALLOW", 457 "args": [ 458 { 459 "index": 0, 460 "value": 131080, 461 "valueTwo": 0, 462 "op": "SCMP_CMP_EQ" 463 } 464 ], 465 "comment": "", 466 "includes": {}, 467 "excludes": {} 468 }, 469 { 470 "names": [ 471 "personality" 472 ], 473 "action": "SCMP_ACT_ALLOW", 474 "args": [ 475 { 476 "index": 0, 477 "value": 4294967295, 478 "valueTwo": 0, 479 "op": "SCMP_CMP_EQ" 480 } 481 ], 482 "comment": "", 483 "includes": {}, 484 "excludes": {} 485 }, 486 { 487 "names": [ 488 "sync_file_range2" 489 ], 490 "action": "SCMP_ACT_ALLOW", 491 "args": [], 492 "comment": "", 493 "includes": { 494 "arches": [ 495 "ppc64le" 496 ] 497 }, 498 "excludes": {} 499 }, 500 { 501 "names": [ 502 "arm_fadvise64_64", 503 "arm_sync_file_range", 504 "sync_file_range2", 505 "breakpoint", 506 "cacheflush", 507 "set_tls" 508 ], 509 "action": "SCMP_ACT_ALLOW", 510 "args": [], 511 "comment": "", 512 "includes": { 513 "arches": [ 514 "arm", 515 "arm64" 516 ] 517 }, 518 "excludes": {} 519 }, 520 { 521 "names": [ 522 "arch_prctl" 523 ], 524 "action": "SCMP_ACT_ALLOW", 525 "args": [], 526 "comment": "", 527 "includes": { 528 "arches": [ 529 "amd64", 530 "x32" 531 ] 532 }, 533 "excludes": {} 534 }, 535 { 536 "names": [ 537 "modify_ldt" 538 ], 539 "action": "SCMP_ACT_ALLOW", 540 "args": [], 541 "comment": "", 542 "includes": { 543 "arches": [ 544 "amd64", 545 "x32", 546 "x86" 547 ] 548 }, 549 "excludes": {} 550 }, 551 { 552 "names": [ 553 "s390_pci_mmio_read", 554 "s390_pci_mmio_write", 555 "s390_runtime_instr" 556 ], 557 "action": "SCMP_ACT_ALLOW", 558 "args": [], 559 "comment": "", 560 "includes": { 561 "arches": [ 562 "s390", 563 "s390x" 564 ] 565 }, 566 "excludes": {} 567 }, 568 { 569 "names": [ 570 "open_by_handle_at" 571 ], 572 "action": "SCMP_ACT_ALLOW", 573 "args": [], 574 "comment": "", 575 "includes": { 576 "caps": [ 577 "CAP_DAC_READ_SEARCH" 578 ] 579 }, 580 "excludes": {} 581 }, 582 { 583 "names": [ 584 "bpf", 585 "clone", 586 "fanotify_init", 587 "lookup_dcookie", 588 "mount", 589 "name_to_handle_at", 590 "perf_event_open", 591 "quotactl", 592 "setdomainname", 593 "sethostname", 594 "setns", 595 "syslog", 596 "umount", 597 "umount2", 598 "unshare" 599 ], 600 "action": "SCMP_ACT_ALLOW", 601 "args": [], 602 "comment": "", 603 "includes": { 604 "caps": [ 605 "CAP_SYS_ADMIN" 606 ] 607 }, 608 "excludes": {} 609 }, 610 { 611 "names": [ 612 "clone" 613 ], 614 "action": "SCMP_ACT_ALLOW", 615 "args": [ 616 { 617 "index": 0, 618 "value": 2080505856, 619 "valueTwo": 0, 620 "op": "SCMP_CMP_MASKED_EQ" 621 } 622 ], 623 "comment": "", 624 "includes": {}, 625 "excludes": { 626 "caps": [ 627 "CAP_SYS_ADMIN" 628 ], 629 "arches": [ 630 "s390", 631 "s390x" 632 ] 633 } 634 }, 635 { 636 "names": [ 637 "clone" 638 ], 639 "action": "SCMP_ACT_ALLOW", 640 "args": [ 641 { 642 "index": 1, 643 "value": 2080505856, 644 "valueTwo": 0, 645 "op": "SCMP_CMP_MASKED_EQ" 646 } 647 ], 648 "comment": "s390 parameter ordering for clone is different", 649 "includes": { 650 "arches": [ 651 "s390", 652 "s390x" 653 ] 654 }, 655 "excludes": { 656 "caps": [ 657 "CAP_SYS_ADMIN" 658 ] 659 } 660 }, 661 { 662 "names": [ 663 "reboot" 664 ], 665 "action": "SCMP_ACT_ALLOW", 666 "args": [], 667 "comment": "", 668 "includes": { 669 "caps": [ 670 "CAP_SYS_BOOT" 671 ] 672 }, 673 "excludes": {} 674 }, 675 { 676 "names": [ 677 "chroot" 678 ], 679 "action": "SCMP_ACT_ALLOW", 680 "args": [], 681 "comment": "", 682 "includes": { 683 "caps": [ 684 "CAP_SYS_CHROOT" 685 ] 686 }, 687 "excludes": {} 688 }, 689 { 690 "names": [ 691 "delete_module", 692 "init_module", 693 "finit_module", 694 "query_module" 695 ], 696 "action": "SCMP_ACT_ALLOW", 697 "args": [], 698 "comment": "", 699 "includes": { 700 "caps": [ 701 "CAP_SYS_MODULE" 702 ] 703 }, 704 "excludes": {} 705 }, 706 { 707 "names": [ 708 "acct" 709 ], 710 "action": "SCMP_ACT_ALLOW", 711 "args": [], 712 "comment": "", 713 "includes": { 714 "caps": [ 715 "CAP_SYS_PACCT" 716 ] 717 }, 718 "excludes": {} 719 }, 720 { 721 "names": [ 722 "kcmp", 723 "process_vm_readv", 724 "process_vm_writev", 725 "ptrace" 726 ], 727 "action": "SCMP_ACT_ALLOW", 728 "args": [], 729 "comment": "", 730 "includes": { 731 "caps": [ 732 "CAP_SYS_PTRACE" 733 ] 734 }, 735 "excludes": {} 736 }, 737 { 738 "names": [ 739 "iopl", 740 "ioperm" 741 ], 742 "action": "SCMP_ACT_ALLOW", 743 "args": [], 744 "comment": "", 745 "includes": { 746 "caps": [ 747 "CAP_SYS_RAWIO" 748 ] 749 }, 750 "excludes": {} 751 }, 752 { 753 "names": [ 754 "settimeofday", 755 "stime", 756 "clock_settime" 757 ], 758 "action": "SCMP_ACT_ALLOW", 759 "args": [], 760 "comment": "", 761 "includes": { 762 "caps": [ 763 "CAP_SYS_TIME" 764 ] 765 }, 766 "excludes": {} 767 }, 768 { 769 "names": [ 770 "vhangup" 771 ], 772 "action": "SCMP_ACT_ALLOW", 773 "args": [], 774 "comment": "", 775 "includes": { 776 "caps": [ 777 "CAP_SYS_TTY_CONFIG" 778 ] 779 }, 780 "excludes": {} 781 }, 782 { 783 "names": [ 784 "get_mempolicy", 785 "mbind", 786 "set_mempolicy" 787 ], 788 "action": "SCMP_ACT_ALLOW", 789 "args": [], 790 "comment": "", 791 "includes": { 792 "caps": [ 793 "CAP_SYS_NICE" 794 ] 795 }, 796 "excludes": {} 797 }, 798 { 799 "names": [ 800 "syslog" 801 ], 802 "action": "SCMP_ACT_ALLOW", 803 "args": [], 804 "comment": "", 805 "includes": { 806 "caps": [ 807 "CAP_SYSLOG" 808 ] 809 }, 810 "excludes": {} 811 } 812 ] 813 }