// +build linux,seccomp
package native
import (
"syscall"
"github.com/opencontainers/runc/libcontainer/configs"
libseccomp "github.com/seccomp/libseccomp-golang"
)
func arches() []string {
var native, err = libseccomp.GetNativeArch()
if err != nil {
return []string{}
}
var a = native.String()
switch a {
case "amd64":
return []string{"amd64", "x86", "x32"}
case "arm64":
return []string{"arm64", "arm"}
case "mips64":
return []string{"mips64", "mips64n32", "mips"}
case "mips64n32":
return []string{"mips64", "mips64n32", "mips"}
case "mipsel64":
return []string{"mipsel64", "mipsel64n32", "mipsel"}
case "mipsel64n32":
return []string{"mipsel64", "mipsel64n32", "mipsel"}
default:
return []string{a}
}
}
var defaultSeccompProfile = &configs.Seccomp{
DefaultAction: configs.Errno,
Architectures: arches(),
Syscalls: []*configs.Syscall{
{
Name: "accept",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "accept4",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "access",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "alarm",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "arch_prctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "bind",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "brk",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "capget",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "capset",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "chdir",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "chmod",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "chown",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "chown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "chroot",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "clock_getres",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "clock_gettime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "clock_nanosleep",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "clone",
Action: configs.Allow,
Args: []*configs.Arg{
{
Index: 0,
Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
ValueTwo: 0,
Op: configs.MaskEqualTo,
},
},
},
{
Name: "close",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "connect",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "creat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "dup",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "dup2",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "dup3",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_create",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_create1",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_ctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_ctl_old",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_pwait",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_wait",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "epoll_wait_old",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "eventfd",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "eventfd2",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "execve",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "execveat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "exit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "exit_group",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "faccessat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fadvise64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fadvise64_64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fallocate",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fanotify_init",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fanotify_mark",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchdir",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchmod",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchmodat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchown",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fchownat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fcntl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fcntl64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fdatasync",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fgetxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "flistxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "flock",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fork",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fremovexattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fsetxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstatat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstatfs",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstatfs64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fsync",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ftruncate",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ftruncate64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "futex",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "futimesat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getcpu",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getcwd",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getdents",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getdents64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getegid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getegid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "geteuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "geteuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getgroups",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getgroups32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getitimer",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getpeername",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getpgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getpgrp",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getpid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getppid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getpriority",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getrandom",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getresgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getresgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getresuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getresuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getrlimit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "get_robust_list",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getrusage",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getsid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getsockname",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getsockopt",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "get_thread_area",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "gettid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "gettimeofday",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "getxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "inotify_add_watch",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "inotify_init",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "inotify_init1",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "inotify_rm_watch",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "io_cancel",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ioctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "io_destroy",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "io_getevents",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ioprio_get",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ioprio_set",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "io_setup",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "io_submit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "kill",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lchown",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lchown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lgetxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "link",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "linkat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "listen",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "listxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "llistxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "_llseek",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lremovexattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lseek",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lsetxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lstat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "lstat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "madvise",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "memfd_create",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mincore",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mkdir",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mkdirat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mknod",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mknodat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mlock",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mlockall",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mmap",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mmap2",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mprotect",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_getsetattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_notify",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_open",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_timedreceive",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_timedsend",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mq_unlink",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "mremap",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "msgctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "msgget",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "msgrcv",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "msgsnd",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "msync",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "munlock",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "munlockall",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "munmap",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "nanosleep",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "newfstatat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "_newselect",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "open",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "openat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pause",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pipe",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pipe2",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "poll",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ppoll",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "prctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pread64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "preadv",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "prlimit64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pselect6",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pwrite64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "pwritev",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "read",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "readahead",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "readlink",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "readlinkat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "readv",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "recv",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "recvfrom",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "recvmmsg",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "recvmsg",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "remap_file_pages",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "removexattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rename",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "renameat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "renameat2",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rmdir",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigaction",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigpending",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigprocmask",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigqueueinfo",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigreturn",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigsuspend",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_sigtimedwait",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "rt_tgsigqueueinfo",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_getaffinity",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_getattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_getparam",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_get_priority_max",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_get_priority_min",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_getscheduler",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_rr_get_interval",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_setaffinity",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_setattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_setparam",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_setscheduler",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sched_yield",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "seccomp",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "select",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "semctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "semget",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "semop",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "semtimedop",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "send",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sendfile",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sendfile64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sendmmsg",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sendmsg",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sendto",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setdomainname",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setfsgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setfsgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setfsuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setfsuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setgroups",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setgroups32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sethostname",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setitimer",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setpgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setpriority",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setregid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setregid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setresgid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setresgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setresuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setresuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setreuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setreuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setrlimit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "set_robust_list",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setsid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setsockopt",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "set_thread_area",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "set_tid_address",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setuid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "setxattr",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "shmat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "shmctl",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "shmdt",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "shmget",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "shutdown",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sigaltstack",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "signalfd",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "signalfd4",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sigreturn",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "socket",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "socketpair",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "splice",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "stat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "stat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "statfs",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "statfs64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "symlink",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "symlinkat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sync",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sync_file_range",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "syncfs",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "sysinfo",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "syslog",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "tee",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "tgkill",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "time",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timer_create",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timer_delete",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timerfd_create",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timerfd_gettime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timerfd_settime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timer_getoverrun",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timer_gettime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "timer_settime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "times",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "tkill",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "truncate",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "truncate64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ugetrlimit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "umask",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "uname",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "unlink",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "unlinkat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "utime",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "utimensat",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "utimes",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "vfork",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "vhangup",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "vmsplice",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "wait4",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "waitid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "waitpid",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "write",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "writev",
Action: configs.Allow,
Args: []*configs.Arg{},
},
// i386 specific syscalls
{
Name: "modify_ldt",
Action: configs.Allow,
Args: []*configs.Arg{},
},
// arm specific syscalls
{
Name: "breakpoint",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "cacheflush",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "set_tls",
Action: configs.Allow,
Args: []*configs.Arg{},
},
},
}