Browse code
add 32bit syscalls to whitelist
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Jessica Frazelle authored on 2015/12/30 06:48:31Showing 1 changed files
| ... | ... |
@@ -72,6 +72,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 72 | 72 |
Args: []*configs.Arg{},
|
| 73 | 73 |
}, |
| 74 | 74 |
{
|
| 75 |
+ Name: "chown32", |
|
| 76 |
+ Action: configs.Allow, |
|
| 77 |
+ Args: []*configs.Arg{},
|
|
| 78 |
+ }, |
|
| 79 |
+ {
|
|
| 75 | 80 |
Name: "chroot", |
| 76 | 81 |
Action: configs.Allow, |
| 77 | 82 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -209,6 +214,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 209 | 209 |
Args: []*configs.Arg{},
|
| 210 | 210 |
}, |
| 211 | 211 |
{
|
| 212 |
+ Name: "fadvise64_64", |
|
| 213 |
+ Action: configs.Allow, |
|
| 214 |
+ Args: []*configs.Arg{},
|
|
| 215 |
+ }, |
|
| 216 |
+ {
|
|
| 212 | 217 |
Name: "fallocate", |
| 213 | 218 |
Action: configs.Allow, |
| 214 | 219 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -244,6 +254,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 244 | 244 |
Args: []*configs.Arg{},
|
| 245 | 245 |
}, |
| 246 | 246 |
{
|
| 247 |
+ Name: "fchown32", |
|
| 248 |
+ Action: configs.Allow, |
|
| 249 |
+ Args: []*configs.Arg{},
|
|
| 250 |
+ }, |
|
| 251 |
+ {
|
|
| 247 | 252 |
Name: "fchownat", |
| 248 | 253 |
Action: configs.Allow, |
| 249 | 254 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -254,6 +269,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 254 | 254 |
Args: []*configs.Arg{},
|
| 255 | 255 |
}, |
| 256 | 256 |
{
|
| 257 |
+ Name: "fcntl64", |
|
| 258 |
+ Action: configs.Allow, |
|
| 259 |
+ Args: []*configs.Arg{},
|
|
| 260 |
+ }, |
|
| 261 |
+ {
|
|
| 257 | 262 |
Name: "fdatasync", |
| 258 | 263 |
Action: configs.Allow, |
| 259 | 264 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -294,11 +314,26 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 294 | 294 |
Args: []*configs.Arg{},
|
| 295 | 295 |
}, |
| 296 | 296 |
{
|
| 297 |
+ Name: "fstat64", |
|
| 298 |
+ Action: configs.Allow, |
|
| 299 |
+ Args: []*configs.Arg{},
|
|
| 300 |
+ }, |
|
| 301 |
+ {
|
|
| 302 |
+ Name: "fstatat64", |
|
| 303 |
+ Action: configs.Allow, |
|
| 304 |
+ Args: []*configs.Arg{},
|
|
| 305 |
+ }, |
|
| 306 |
+ {
|
|
| 297 | 307 |
Name: "fstatfs", |
| 298 | 308 |
Action: configs.Allow, |
| 299 | 309 |
Args: []*configs.Arg{},
|
| 300 | 310 |
}, |
| 301 | 311 |
{
|
| 312 |
+ Name: "fstatfs64", |
|
| 313 |
+ Action: configs.Allow, |
|
| 314 |
+ Args: []*configs.Arg{},
|
|
| 315 |
+ }, |
|
| 316 |
+ {
|
|
| 302 | 317 |
Name: "fsync", |
| 303 | 318 |
Action: configs.Allow, |
| 304 | 319 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -309,6 +344,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 309 | 309 |
Args: []*configs.Arg{},
|
| 310 | 310 |
}, |
| 311 | 311 |
{
|
| 312 |
+ Name: "ftruncate64", |
|
| 313 |
+ Action: configs.Allow, |
|
| 314 |
+ Args: []*configs.Arg{},
|
|
| 315 |
+ }, |
|
| 316 |
+ {
|
|
| 312 | 317 |
Name: "futex", |
| 313 | 318 |
Action: configs.Allow, |
| 314 | 319 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -344,21 +384,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 344 | 344 |
Args: []*configs.Arg{},
|
| 345 | 345 |
}, |
| 346 | 346 |
{
|
| 347 |
+ Name: "getegid32", |
|
| 348 |
+ Action: configs.Allow, |
|
| 349 |
+ Args: []*configs.Arg{},
|
|
| 350 |
+ }, |
|
| 351 |
+ {
|
|
| 347 | 352 |
Name: "geteuid", |
| 348 | 353 |
Action: configs.Allow, |
| 349 | 354 |
Args: []*configs.Arg{},
|
| 350 | 355 |
}, |
| 351 | 356 |
{
|
| 357 |
+ Name: "geteuid32", |
|
| 358 |
+ Action: configs.Allow, |
|
| 359 |
+ Args: []*configs.Arg{},
|
|
| 360 |
+ }, |
|
| 361 |
+ {
|
|
| 352 | 362 |
Name: "getgid", |
| 353 | 363 |
Action: configs.Allow, |
| 354 | 364 |
Args: []*configs.Arg{},
|
| 355 | 365 |
}, |
| 356 | 366 |
{
|
| 367 |
+ Name: "getgid32", |
|
| 368 |
+ Action: configs.Allow, |
|
| 369 |
+ Args: []*configs.Arg{},
|
|
| 370 |
+ }, |
|
| 371 |
+ {
|
|
| 357 | 372 |
Name: "getgroups", |
| 358 | 373 |
Action: configs.Allow, |
| 359 | 374 |
Args: []*configs.Arg{},
|
| 360 | 375 |
}, |
| 361 | 376 |
{
|
| 377 |
+ Name: "getgroups32", |
|
| 378 |
+ Action: configs.Allow, |
|
| 379 |
+ Args: []*configs.Arg{},
|
|
| 380 |
+ }, |
|
| 381 |
+ {
|
|
| 362 | 382 |
Name: "getitimer", |
| 363 | 383 |
Action: configs.Allow, |
| 364 | 384 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -404,11 +464,21 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 404 | 404 |
Args: []*configs.Arg{},
|
| 405 | 405 |
}, |
| 406 | 406 |
{
|
| 407 |
+ Name: "getresgid32", |
|
| 408 |
+ Action: configs.Allow, |
|
| 409 |
+ Args: []*configs.Arg{},
|
|
| 410 |
+ }, |
|
| 411 |
+ {
|
|
| 407 | 412 |
Name: "getresuid", |
| 408 | 413 |
Action: configs.Allow, |
| 409 | 414 |
Args: []*configs.Arg{},
|
| 410 | 415 |
}, |
| 411 | 416 |
{
|
| 417 |
+ Name: "getresuid32", |
|
| 418 |
+ Action: configs.Allow, |
|
| 419 |
+ Args: []*configs.Arg{},
|
|
| 420 |
+ }, |
|
| 421 |
+ {
|
|
| 412 | 422 |
Name: "getrlimit", |
| 413 | 423 |
Action: configs.Allow, |
| 414 | 424 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -459,6 +529,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 459 | 459 |
Args: []*configs.Arg{},
|
| 460 | 460 |
}, |
| 461 | 461 |
{
|
| 462 |
+ Name: "getuid32", |
|
| 463 |
+ Action: configs.Allow, |
|
| 464 |
+ Args: []*configs.Arg{},
|
|
| 465 |
+ }, |
|
| 466 |
+ {
|
|
| 462 | 467 |
Name: "getxattr", |
| 463 | 468 |
Action: configs.Allow, |
| 464 | 469 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -534,6 +609,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 534 | 534 |
Args: []*configs.Arg{},
|
| 535 | 535 |
}, |
| 536 | 536 |
{
|
| 537 |
+ Name: "lchown32", |
|
| 538 |
+ Action: configs.Allow, |
|
| 539 |
+ Args: []*configs.Arg{},
|
|
| 540 |
+ }, |
|
| 541 |
+ {
|
|
| 537 | 542 |
Name: "lgetxattr", |
| 538 | 543 |
Action: configs.Allow, |
| 539 | 544 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -584,6 +664,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 584 | 584 |
Args: []*configs.Arg{},
|
| 585 | 585 |
}, |
| 586 | 586 |
{
|
| 587 |
+ Name: "lstat64", |
|
| 588 |
+ Action: configs.Allow, |
|
| 589 |
+ Args: []*configs.Arg{},
|
|
| 590 |
+ }, |
|
| 591 |
+ {
|
|
| 587 | 592 |
Name: "madvise", |
| 588 | 593 |
Action: configs.Allow, |
| 589 | 594 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -734,6 +819,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 734 | 734 |
Args: []*configs.Arg{},
|
| 735 | 735 |
}, |
| 736 | 736 |
{
|
| 737 |
+ Name: "_newselect", |
|
| 738 |
+ Action: configs.Allow, |
|
| 739 |
+ Args: []*configs.Arg{},
|
|
| 740 |
+ }, |
|
| 741 |
+ {
|
|
| 737 | 742 |
Name: "open", |
| 738 | 743 |
Action: configs.Allow, |
| 739 | 744 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -1009,6 +1099,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1009 | 1009 |
Args: []*configs.Arg{},
|
| 1010 | 1010 |
}, |
| 1011 | 1011 |
{
|
| 1012 |
+ Name: "sendfile64", |
|
| 1013 |
+ Action: configs.Allow, |
|
| 1014 |
+ Args: []*configs.Arg{},
|
|
| 1015 |
+ }, |
|
| 1016 |
+ {
|
|
| 1012 | 1017 |
Name: "sendmmsg", |
| 1013 | 1018 |
Action: configs.Allow, |
| 1014 | 1019 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -1034,21 +1129,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1034 | 1034 |
Args: []*configs.Arg{},
|
| 1035 | 1035 |
}, |
| 1036 | 1036 |
{
|
| 1037 |
+ Name: "setfsgid32", |
|
| 1038 |
+ Action: configs.Allow, |
|
| 1039 |
+ Args: []*configs.Arg{},
|
|
| 1040 |
+ }, |
|
| 1041 |
+ {
|
|
| 1037 | 1042 |
Name: "setfsuid", |
| 1038 | 1043 |
Action: configs.Allow, |
| 1039 | 1044 |
Args: []*configs.Arg{},
|
| 1040 | 1045 |
}, |
| 1041 | 1046 |
{
|
| 1047 |
+ Name: "setfsuid32", |
|
| 1048 |
+ Action: configs.Allow, |
|
| 1049 |
+ Args: []*configs.Arg{},
|
|
| 1050 |
+ }, |
|
| 1051 |
+ {
|
|
| 1042 | 1052 |
Name: "setgid", |
| 1043 | 1053 |
Action: configs.Allow, |
| 1044 | 1054 |
Args: []*configs.Arg{},
|
| 1045 | 1055 |
}, |
| 1046 | 1056 |
{
|
| 1057 |
+ Name: "setgid32", |
|
| 1058 |
+ Action: configs.Allow, |
|
| 1059 |
+ Args: []*configs.Arg{},
|
|
| 1060 |
+ }, |
|
| 1061 |
+ {
|
|
| 1047 | 1062 |
Name: "setgroups", |
| 1048 | 1063 |
Action: configs.Allow, |
| 1049 | 1064 |
Args: []*configs.Arg{},
|
| 1050 | 1065 |
}, |
| 1051 | 1066 |
{
|
| 1067 |
+ Name: "setgroups32", |
|
| 1068 |
+ Action: configs.Allow, |
|
| 1069 |
+ Args: []*configs.Arg{},
|
|
| 1070 |
+ }, |
|
| 1071 |
+ {
|
|
| 1052 | 1072 |
Name: "sethostname", |
| 1053 | 1073 |
Action: configs.Allow, |
| 1054 | 1074 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -1074,21 +1189,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1074 | 1074 |
Args: []*configs.Arg{},
|
| 1075 | 1075 |
}, |
| 1076 | 1076 |
{
|
| 1077 |
+ Name: "setregid32", |
|
| 1078 |
+ Action: configs.Allow, |
|
| 1079 |
+ Args: []*configs.Arg{},
|
|
| 1080 |
+ }, |
|
| 1081 |
+ {
|
|
| 1077 | 1082 |
Name: "setresgid", |
| 1078 | 1083 |
Action: configs.Allow, |
| 1079 | 1084 |
Args: []*configs.Arg{},
|
| 1080 | 1085 |
}, |
| 1081 | 1086 |
{
|
| 1087 |
+ Name: "setresgid32", |
|
| 1088 |
+ Action: configs.Allow, |
|
| 1089 |
+ Args: []*configs.Arg{},
|
|
| 1090 |
+ }, |
|
| 1091 |
+ {
|
|
| 1082 | 1092 |
Name: "setresuid", |
| 1083 | 1093 |
Action: configs.Allow, |
| 1084 | 1094 |
Args: []*configs.Arg{},
|
| 1085 | 1095 |
}, |
| 1086 | 1096 |
{
|
| 1097 |
+ Name: "setresuid32", |
|
| 1098 |
+ Action: configs.Allow, |
|
| 1099 |
+ Args: []*configs.Arg{},
|
|
| 1100 |
+ }, |
|
| 1101 |
+ {
|
|
| 1087 | 1102 |
Name: "setreuid", |
| 1088 | 1103 |
Action: configs.Allow, |
| 1089 | 1104 |
Args: []*configs.Arg{},
|
| 1090 | 1105 |
}, |
| 1091 | 1106 |
{
|
| 1107 |
+ Name: "setreuid32", |
|
| 1108 |
+ Action: configs.Allow, |
|
| 1109 |
+ Args: []*configs.Arg{},
|
|
| 1110 |
+ }, |
|
| 1111 |
+ {
|
|
| 1092 | 1112 |
Name: "setrlimit", |
| 1093 | 1113 |
Action: configs.Allow, |
| 1094 | 1114 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -1119,12 +1254,12 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1119 | 1119 |
Args: []*configs.Arg{},
|
| 1120 | 1120 |
}, |
| 1121 | 1121 |
{
|
| 1122 |
- Name: "settimeofday", |
|
| 1122 |
+ Name: "setuid", |
|
| 1123 | 1123 |
Action: configs.Allow, |
| 1124 | 1124 |
Args: []*configs.Arg{},
|
| 1125 | 1125 |
}, |
| 1126 | 1126 |
{
|
| 1127 |
- Name: "setuid", |
|
| 1127 |
+ Name: "setuid32", |
|
| 1128 | 1128 |
Action: configs.Allow, |
| 1129 | 1129 |
Args: []*configs.Arg{},
|
| 1130 | 1130 |
}, |
| ... | ... |
@@ -1194,11 +1329,21 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1194 | 1194 |
Args: []*configs.Arg{},
|
| 1195 | 1195 |
}, |
| 1196 | 1196 |
{
|
| 1197 |
+ Name: "stat64", |
|
| 1198 |
+ Action: configs.Allow, |
|
| 1199 |
+ Args: []*configs.Arg{},
|
|
| 1200 |
+ }, |
|
| 1201 |
+ {
|
|
| 1197 | 1202 |
Name: "statfs", |
| 1198 | 1203 |
Action: configs.Allow, |
| 1199 | 1204 |
Args: []*configs.Arg{},
|
| 1200 | 1205 |
}, |
| 1201 | 1206 |
{
|
| 1207 |
+ Name: "statfs64", |
|
| 1208 |
+ Action: configs.Allow, |
|
| 1209 |
+ Args: []*configs.Arg{},
|
|
| 1210 |
+ }, |
|
| 1211 |
+ {
|
|
| 1202 | 1212 |
Name: "symlink", |
| 1203 | 1213 |
Action: configs.Allow, |
| 1204 | 1214 |
Args: []*configs.Arg{},
|
| ... | ... |
@@ -1309,6 +1454,16 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 1309 | 1309 |
Args: []*configs.Arg{},
|
| 1310 | 1310 |
}, |
| 1311 | 1311 |
{
|
| 1312 |
+ Name: "truncate64", |
|
| 1313 |
+ Action: configs.Allow, |
|
| 1314 |
+ Args: []*configs.Arg{},
|
|
| 1315 |
+ }, |
|
| 1316 |
+ {
|
|
| 1317 |
+ Name: "ugetrlimit", |
|
| 1318 |
+ Action: configs.Allow, |
|
| 1319 |
+ Args: []*configs.Arg{},
|
|
| 1320 |
+ }, |
|
| 1321 |
+ {
|
|
| 1312 | 1322 |
Name: "umask", |
| 1313 | 1323 |
Action: configs.Allow, |
| 1314 | 1324 |
Args: []*configs.Arg{},
|