
add default seccomp profile as json

profile is created by go generate

Signed-off-by: Jessica Frazelle <acidburn@docker.com>

Jessica Frazelle authored on 2016/02/09 01:19:21
Showing 5 changed files
1 1
new file mode 100755
... ...
@@ -0,0 +1,1567 @@
0
+{
1
+	"default_action": 2,
2
+	"architectures": [
3
+		"amd64",
4
+		"x86",
5
+		"x32"
6
+	],
7
+	"syscalls": [
8
+		{
9
+			"name": "accept",
10
+			"action": 4,
11
+			"args": []
12
+		},
13
+		{
14
+			"name": "accept4",
15
+			"action": 4,
16
+			"args": []
17
+		},
18
+		{
19
+			"name": "access",
20
+			"action": 4,
21
+			"args": []
22
+		},
23
+		{
24
+			"name": "alarm",
25
+			"action": 4,
26
+			"args": []
27
+		},
28
+		{
29
+			"name": "arch_prctl",
30
+			"action": 4,
31
+			"args": []
32
+		},
33
+		{
34
+			"name": "bind",
35
+			"action": 4,
36
+			"args": []
37
+		},
38
+		{
39
+			"name": "brk",
40
+			"action": 4,
41
+			"args": []
42
+		},
43
+		{
44
+			"name": "capget",
45
+			"action": 4,
46
+			"args": []
47
+		},
48
+		{
49
+			"name": "capset",
50
+			"action": 4,
51
+			"args": []
52
+		},
53
+		{
54
+			"name": "chdir",
55
+			"action": 4,
56
+			"args": []
57
+		},
58
+		{
59
+			"name": "chmod",
60
+			"action": 4,
61
+			"args": []
62
+		},
63
+		{
64
+			"name": "chown",
65
+			"action": 4,
66
+			"args": []
67
+		},
68
+		{
69
+			"name": "chown32",
70
+			"action": 4,
71
+			"args": []
72
+		},
73
+		{
74
+			"name": "chroot",
75
+			"action": 4,
76
+			"args": []
77
+		},
78
+		{
79
+			"name": "clock_getres",
80
+			"action": 4,
81
+			"args": []
82
+		},
83
+		{
84
+			"name": "clock_gettime",
85
+			"action": 4,
86
+			"args": []
87
+		},
88
+		{
89
+			"name": "clock_nanosleep",
90
+			"action": 4,
91
+			"args": []
92
+		},
93
+		{
94
+			"name": "clone",
95
+			"action": 4,
96
+			"args": [
97
+				{
98
+					"index": 0,
99
+					"value": 2080505856,
100
+					"value_two": 0,
101
+					"op": 7
102
+				}
103
+			]
104
+		},
105
+		{
106
+			"name": "close",
107
+			"action": 4,
108
+			"args": []
109
+		},
110
+		{
111
+			"name": "connect",
112
+			"action": 4,
113
+			"args": []
114
+		},
115
+		{
116
+			"name": "creat",
117
+			"action": 4,
118
+			"args": []
119
+		},
120
+		{
121
+			"name": "dup",
122
+			"action": 4,
123
+			"args": []
124
+		},
125
+		{
126
+			"name": "dup2",
127
+			"action": 4,
128
+			"args": []
129
+		},
130
+		{
131
+			"name": "dup3",
132
+			"action": 4,
133
+			"args": []
134
+		},
135
+		{
136
+			"name": "epoll_create",
137
+			"action": 4,
138
+			"args": []
139
+		},
140
+		{
141
+			"name": "epoll_create1",
142
+			"action": 4,
143
+			"args": []
144
+		},
145
+		{
146
+			"name": "epoll_ctl",
147
+			"action": 4,
148
+			"args": []
149
+		},
150
+		{
151
+			"name": "epoll_ctl_old",
152
+			"action": 4,
153
+			"args": []
154
+		},
155
+		{
156
+			"name": "epoll_pwait",
157
+			"action": 4,
158
+			"args": []
159
+		},
160
+		{
161
+			"name": "epoll_wait",
162
+			"action": 4,
163
+			"args": []
164
+		},
165
+		{
166
+			"name": "epoll_wait_old",
167
+			"action": 4,
168
+			"args": []
169
+		},
170
+		{
171
+			"name": "eventfd",
172
+			"action": 4,
173
+			"args": []
174
+		},
175
+		{
176
+			"name": "eventfd2",
177
+			"action": 4,
178
+			"args": []
179
+		},
180
+		{
181
+			"name": "execve",
182
+			"action": 4,
183
+			"args": []
184
+		},
185
+		{
186
+			"name": "execveat",
187
+			"action": 4,
188
+			"args": []
189
+		},
190
+		{
191
+			"name": "exit",
192
+			"action": 4,
193
+			"args": []
194
+		},
195
+		{
196
+			"name": "exit_group",
197
+			"action": 4,
198
+			"args": []
199
+		},
200
+		{
201
+			"name": "faccessat",
202
+			"action": 4,
203
+			"args": []
204
+		},
205
+		{
206
+			"name": "fadvise64",
207
+			"action": 4,
208
+			"args": []
209
+		},
210
+		{
211
+			"name": "fadvise64_64",
212
+			"action": 4,
213
+			"args": []
214
+		},
215
+		{
216
+			"name": "fallocate",
217
+			"action": 4,
218
+			"args": []
219
+		},
220
+		{
221
+			"name": "fanotify_init",
222
+			"action": 4,
223
+			"args": []
224
+		},
225
+		{
226
+			"name": "fanotify_mark",
227
+			"action": 4,
228
+			"args": []
229
+		},
230
+		{
231
+			"name": "fchdir",
232
+			"action": 4,
233
+			"args": []
234
+		},
235
+		{
236
+			"name": "fchmod",
237
+			"action": 4,
238
+			"args": []
239
+		},
240
+		{
241
+			"name": "fchmodat",
242
+			"action": 4,
243
+			"args": []
244
+		},
245
+		{
246
+			"name": "fchown",
247
+			"action": 4,
248
+			"args": []
249
+		},
250
+		{
251
+			"name": "fchown32",
252
+			"action": 4,
253
+			"args": []
254
+		},
255
+		{
256
+			"name": "fchownat",
257
+			"action": 4,
258
+			"args": []
259
+		},
260
+		{
261
+			"name": "fcntl",
262
+			"action": 4,
263
+			"args": []
264
+		},
265
+		{
266
+			"name": "fcntl64",
267
+			"action": 4,
268
+			"args": []
269
+		},
270
+		{
271
+			"name": "fdatasync",
272
+			"action": 4,
273
+			"args": []
274
+		},
275
+		{
276
+			"name": "fgetxattr",
277
+			"action": 4,
278
+			"args": []
279
+		},
280
+		{
281
+			"name": "flistxattr",
282
+			"action": 4,
283
+			"args": []
284
+		},
285
+		{
286
+			"name": "flock",
287
+			"action": 4,
288
+			"args": []
289
+		},
290
+		{
291
+			"name": "fork",
292
+			"action": 4,
293
+			"args": []
294
+		},
295
+		{
296
+			"name": "fremovexattr",
297
+			"action": 4,
298
+			"args": []
299
+		},
300
+		{
301
+			"name": "fsetxattr",
302
+			"action": 4,
303
+			"args": []
304
+		},
305
+		{
306
+			"name": "fstat",
307
+			"action": 4,
308
+			"args": []
309
+		},
310
+		{
311
+			"name": "fstat64",
312
+			"action": 4,
313
+			"args": []
314
+		},
315
+		{
316
+			"name": "fstatat64",
317
+			"action": 4,
318
+			"args": []
319
+		},
320
+		{
321
+			"name": "fstatfs",
322
+			"action": 4,
323
+			"args": []
324
+		},
325
+		{
326
+			"name": "fstatfs64",
327
+			"action": 4,
328
+			"args": []
329
+		},
330
+		{
331
+			"name": "fsync",
332
+			"action": 4,
333
+			"args": []
334
+		},
335
+		{
336
+			"name": "ftruncate",
337
+			"action": 4,
338
+			"args": []
339
+		},
340
+		{
341
+			"name": "ftruncate64",
342
+			"action": 4,
343
+			"args": []
344
+		},
345
+		{
346
+			"name": "futex",
347
+			"action": 4,
348
+			"args": []
349
+		},
350
+		{
351
+			"name": "futimesat",
352
+			"action": 4,
353
+			"args": []
354
+		},
355
+		{
356
+			"name": "getcpu",
357
+			"action": 4,
358
+			"args": []
359
+		},
360
+		{
361
+			"name": "getcwd",
362
+			"action": 4,
363
+			"args": []
364
+		},
365
+		{
366
+			"name": "getdents",
367
+			"action": 4,
368
+			"args": []
369
+		},
370
+		{
371
+			"name": "getdents64",
372
+			"action": 4,
373
+			"args": []
374
+		},
375
+		{
376
+			"name": "getegid",
377
+			"action": 4,
378
+			"args": []
379
+		},
380
+		{
381
+			"name": "getegid32",
382
+			"action": 4,
383
+			"args": []
384
+		},
385
+		{
386
+			"name": "geteuid",
387
+			"action": 4,
388
+			"args": []
389
+		},
390
+		{
391
+			"name": "geteuid32",
392
+			"action": 4,
393
+			"args": []
394
+		},
395
+		{
396
+			"name": "getgid",
397
+			"action": 4,
398
+			"args": []
399
+		},
400
+		{
401
+			"name": "getgid32",
402
+			"action": 4,
403
+			"args": []
404
+		},
405
+		{
406
+			"name": "getgroups",
407
+			"action": 4,
408
+			"args": []
409
+		},
410
+		{
411
+			"name": "getgroups32",
412
+			"action": 4,
413
+			"args": []
414
+		},
415
+		{
416
+			"name": "getitimer",
417
+			"action": 4,
418
+			"args": []
419
+		},
420
+		{
421
+			"name": "getpeername",
422
+			"action": 4,
423
+			"args": []
424
+		},
425
+		{
426
+			"name": "getpgid",
427
+			"action": 4,
428
+			"args": []
429
+		},
430
+		{
431
+			"name": "getpgrp",
432
+			"action": 4,
433
+			"args": []
434
+		},
435
+		{
436
+			"name": "getpid",
437
+			"action": 4,
438
+			"args": []
439
+		},
440
+		{
441
+			"name": "getppid",
442
+			"action": 4,
443
+			"args": []
444
+		},
445
+		{
446
+			"name": "getpriority",
447
+			"action": 4,
448
+			"args": []
449
+		},
450
+		{
451
+			"name": "getrandom",
452
+			"action": 4,
453
+			"args": []
454
+		},
455
+		{
456
+			"name": "getresgid",
457
+			"action": 4,
458
+			"args": []
459
+		},
460
+		{
461
+			"name": "getresgid32",
462
+			"action": 4,
463
+			"args": []
464
+		},
465
+		{
466
+			"name": "getresuid",
467
+			"action": 4,
468
+			"args": []
469
+		},
470
+		{
471
+			"name": "getresuid32",
472
+			"action": 4,
473
+			"args": []
474
+		},
475
+		{
476
+			"name": "getrlimit",
477
+			"action": 4,
478
+			"args": []
479
+		},
480
+		{
481
+			"name": "get_robust_list",
482
+			"action": 4,
483
+			"args": []
484
+		},
485
+		{
486
+			"name": "getrusage",
487
+			"action": 4,
488
+			"args": []
489
+		},
490
+		{
491
+			"name": "getsid",
492
+			"action": 4,
493
+			"args": []
494
+		},
495
+		{
496
+			"name": "getsockname",
497
+			"action": 4,
498
+			"args": []
499
+		},
500
+		{
501
+			"name": "getsockopt",
502
+			"action": 4,
503
+			"args": []
504
+		},
505
+		{
506
+			"name": "get_thread_area",
507
+			"action": 4,
508
+			"args": []
509
+		},
510
+		{
511
+			"name": "gettid",
512
+			"action": 4,
513
+			"args": []
514
+		},
515
+		{
516
+			"name": "gettimeofday",
517
+			"action": 4,
518
+			"args": []
519
+		},
520
+		{
521
+			"name": "getuid",
522
+			"action": 4,
523
+			"args": []
524
+		},
525
+		{
526
+			"name": "getuid32",
527
+			"action": 4,
528
+			"args": []
529
+		},
530
+		{
531
+			"name": "getxattr",
532
+			"action": 4,
533
+			"args": []
534
+		},
535
+		{
536
+			"name": "inotify_add_watch",
537
+			"action": 4,
538
+			"args": []
539
+		},
540
+		{
541
+			"name": "inotify_init",
542
+			"action": 4,
543
+			"args": []
544
+		},
545
+		{
546
+			"name": "inotify_init1",
547
+			"action": 4,
548
+			"args": []
549
+		},
550
+		{
551
+			"name": "inotify_rm_watch",
552
+			"action": 4,
553
+			"args": []
554
+		},
555
+		{
556
+			"name": "io_cancel",
557
+			"action": 4,
558
+			"args": []
559
+		},
560
+		{
561
+			"name": "ioctl",
562
+			"action": 4,
563
+			"args": []
564
+		},
565
+		{
566
+			"name": "io_destroy",
567
+			"action": 4,
568
+			"args": []
569
+		},
570
+		{
571
+			"name": "io_getevents",
572
+			"action": 4,
573
+			"args": []
574
+		},
575
+		{
576
+			"name": "ioprio_get",
577
+			"action": 4,
578
+			"args": []
579
+		},
580
+		{
581
+			"name": "ioprio_set",
582
+			"action": 4,
583
+			"args": []
584
+		},
585
+		{
586
+			"name": "io_setup",
587
+			"action": 4,
588
+			"args": []
589
+		},
590
+		{
591
+			"name": "io_submit",
592
+			"action": 4,
593
+			"args": []
594
+		},
595
+		{
596
+			"name": "kill",
597
+			"action": 4,
598
+			"args": []
599
+		},
600
+		{
601
+			"name": "lchown",
602
+			"action": 4,
603
+			"args": []
604
+		},
605
+		{
606
+			"name": "lchown32",
607
+			"action": 4,
608
+			"args": []
609
+		},
610
+		{
611
+			"name": "lgetxattr",
612
+			"action": 4,
613
+			"args": []
614
+		},
615
+		{
616
+			"name": "link",
617
+			"action": 4,
618
+			"args": []
619
+		},
620
+		{
621
+			"name": "linkat",
622
+			"action": 4,
623
+			"args": []
624
+		},
625
+		{
626
+			"name": "listen",
627
+			"action": 4,
628
+			"args": []
629
+		},
630
+		{
631
+			"name": "listxattr",
632
+			"action": 4,
633
+			"args": []
634
+		},
635
+		{
636
+			"name": "llistxattr",
637
+			"action": 4,
638
+			"args": []
639
+		},
640
+		{
641
+			"name": "_llseek",
642
+			"action": 4,
643
+			"args": []
644
+		},
645
+		{
646
+			"name": "lremovexattr",
647
+			"action": 4,
648
+			"args": []
649
+		},
650
+		{
651
+			"name": "lseek",
652
+			"action": 4,
653
+			"args": []
654
+		},
655
+		{
656
+			"name": "lsetxattr",
657
+			"action": 4,
658
+			"args": []
659
+		},
660
+		{
661
+			"name": "lstat",
662
+			"action": 4,
663
+			"args": []
664
+		},
665
+		{
666
+			"name": "lstat64",
667
+			"action": 4,
668
+			"args": []
669
+		},
670
+		{
671
+			"name": "madvise",
672
+			"action": 4,
673
+			"args": []
674
+		},
675
+		{
676
+			"name": "memfd_create",
677
+			"action": 4,
678
+			"args": []
679
+		},
680
+		{
681
+			"name": "mincore",
682
+			"action": 4,
683
+			"args": []
684
+		},
685
+		{
686
+			"name": "mkdir",
687
+			"action": 4,
688
+			"args": []
689
+		},
690
+		{
691
+			"name": "mkdirat",
692
+			"action": 4,
693
+			"args": []
694
+		},
695
+		{
696
+			"name": "mknod",
697
+			"action": 4,
698
+			"args": []
699
+		},
700
+		{
701
+			"name": "mknodat",
702
+			"action": 4,
703
+			"args": []
704
+		},
705
+		{
706
+			"name": "mlock",
707
+			"action": 4,
708
+			"args": []
709
+		},
710
+		{
711
+			"name": "mlockall",
712
+			"action": 4,
713
+			"args": []
714
+		},
715
+		{
716
+			"name": "mmap",
717
+			"action": 4,
718
+			"args": []
719
+		},
720
+		{
721
+			"name": "mmap2",
722
+			"action": 4,
723
+			"args": []
724
+		},
725
+		{
726
+			"name": "mprotect",
727
+			"action": 4,
728
+			"args": []
729
+		},
730
+		{
731
+			"name": "mq_getsetattr",
732
+			"action": 4,
733
+			"args": []
734
+		},
735
+		{
736
+			"name": "mq_notify",
737
+			"action": 4,
738
+			"args": []
739
+		},
740
+		{
741
+			"name": "mq_open",
742
+			"action": 4,
743
+			"args": []
744
+		},
745
+		{
746
+			"name": "mq_timedreceive",
747
+			"action": 4,
748
+			"args": []
749
+		},
750
+		{
751
+			"name": "mq_timedsend",
752
+			"action": 4,
753
+			"args": []
754
+		},
755
+		{
756
+			"name": "mq_unlink",
757
+			"action": 4,
758
+			"args": []
759
+		},
760
+		{
761
+			"name": "mremap",
762
+			"action": 4,
763
+			"args": []
764
+		},
765
+		{
766
+			"name": "msgctl",
767
+			"action": 4,
768
+			"args": []
769
+		},
770
+		{
771
+			"name": "msgget",
772
+			"action": 4,
773
+			"args": []
774
+		},
775
+		{
776
+			"name": "msgrcv",
777
+			"action": 4,
778
+			"args": []
779
+		},
780
+		{
781
+			"name": "msgsnd",
782
+			"action": 4,
783
+			"args": []
784
+		},
785
+		{
786
+			"name": "msync",
787
+			"action": 4,
788
+			"args": []
789
+		},
790
+		{
791
+			"name": "munlock",
792
+			"action": 4,
793
+			"args": []
794
+		},
795
+		{
796
+			"name": "munlockall",
797
+			"action": 4,
798
+			"args": []
799
+		},
800
+		{
801
+			"name": "munmap",
802
+			"action": 4,
803
+			"args": []
804
+		},
805
+		{
806
+			"name": "nanosleep",
807
+			"action": 4,
808
+			"args": []
809
+		},
810
+		{
811
+			"name": "newfstatat",
812
+			"action": 4,
813
+			"args": []
814
+		},
815
+		{
816
+			"name": "_newselect",
817
+			"action": 4,
818
+			"args": []
819
+		},
820
+		{
821
+			"name": "open",
822
+			"action": 4,
823
+			"args": []
824
+		},
825
+		{
826
+			"name": "openat",
827
+			"action": 4,
828
+			"args": []
829
+		},
830
+		{
831
+			"name": "pause",
832
+			"action": 4,
833
+			"args": []
834
+		},
835
+		{
836
+			"name": "pipe",
837
+			"action": 4,
838
+			"args": []
839
+		},
840
+		{
841
+			"name": "pipe2",
842
+			"action": 4,
843
+			"args": []
844
+		},
845
+		{
846
+			"name": "poll",
847
+			"action": 4,
848
+			"args": []
849
+		},
850
+		{
851
+			"name": "ppoll",
852
+			"action": 4,
853
+			"args": []
854
+		},
855
+		{
856
+			"name": "prctl",
857
+			"action": 4,
858
+			"args": []
859
+		},
860
+		{
861
+			"name": "pread64",
862
+			"action": 4,
863
+			"args": []
864
+		},
865
+		{
866
+			"name": "preadv",
867
+			"action": 4,
868
+			"args": []
869
+		},
870
+		{
871
+			"name": "prlimit64",
872
+			"action": 4,
873
+			"args": []
874
+		},
875
+		{
876
+			"name": "pselect6",
877
+			"action": 4,
878
+			"args": []
879
+		},
880
+		{
881
+			"name": "pwrite64",
882
+			"action": 4,
883
+			"args": []
884
+		},
885
+		{
886
+			"name": "pwritev",
887
+			"action": 4,
888
+			"args": []
889
+		},
890
+		{
891
+			"name": "read",
892
+			"action": 4,
893
+			"args": []
894
+		},
895
+		{
896
+			"name": "readahead",
897
+			"action": 4,
898
+			"args": []
899
+		},
900
+		{
901
+			"name": "readlink",
902
+			"action": 4,
903
+			"args": []
904
+		},
905
+		{
906
+			"name": "readlinkat",
907
+			"action": 4,
908
+			"args": []
909
+		},
910
+		{
911
+			"name": "readv",
912
+			"action": 4,
913
+			"args": []
914
+		},
915
+		{
916
+			"name": "recv",
917
+			"action": 4,
918
+			"args": []
919
+		},
920
+		{
921
+			"name": "recvfrom",
922
+			"action": 4,
923
+			"args": []
924
+		},
925
+		{
926
+			"name": "recvmmsg",
927
+			"action": 4,
928
+			"args": []
929
+		},
930
+		{
931
+			"name": "recvmsg",
932
+			"action": 4,
933
+			"args": []
934
+		},
935
+		{
936
+			"name": "remap_file_pages",
937
+			"action": 4,
938
+			"args": []
939
+		},
940
+		{
941
+			"name": "removexattr",
942
+			"action": 4,
943
+			"args": []
944
+		},
945
+		{
946
+			"name": "rename",
947
+			"action": 4,
948
+			"args": []
949
+		},
950
+		{
951
+			"name": "renameat",
952
+			"action": 4,
953
+			"args": []
954
+		},
955
+		{
956
+			"name": "renameat2",
957
+			"action": 4,
958
+			"args": []
959
+		},
960
+		{
961
+			"name": "rmdir",
962
+			"action": 4,
963
+			"args": []
964
+		},
965
+		{
966
+			"name": "rt_sigaction",
967
+			"action": 4,
968
+			"args": []
969
+		},
970
+		{
971
+			"name": "rt_sigpending",
972
+			"action": 4,
973
+			"args": []
974
+		},
975
+		{
976
+			"name": "rt_sigprocmask",
977
+			"action": 4,
978
+			"args": []
979
+		},
980
+		{
981
+			"name": "rt_sigqueueinfo",
982
+			"action": 4,
983
+			"args": []
984
+		},
985
+		{
986
+			"name": "rt_sigreturn",
987
+			"action": 4,
988
+			"args": []
989
+		},
990
+		{
991
+			"name": "rt_sigsuspend",
992
+			"action": 4,
993
+			"args": []
994
+		},
995
+		{
996
+			"name": "rt_sigtimedwait",
997
+			"action": 4,
998
+			"args": []
999
+		},
1000
+		{
1001
+			"name": "rt_tgsigqueueinfo",
1002
+			"action": 4,
1003
+			"args": []
1004
+		},
1005
+		{
1006
+			"name": "sched_getaffinity",
1007
+			"action": 4,
1008
+			"args": []
1009
+		},
1010
+		{
1011
+			"name": "sched_getattr",
1012
+			"action": 4,
1013
+			"args": []
1014
+		},
1015
+		{
1016
+			"name": "sched_getparam",
1017
+			"action": 4,
1018
+			"args": []
1019
+		},
1020
+		{
1021
+			"name": "sched_get_priority_max",
1022
+			"action": 4,
1023
+			"args": []
1024
+		},
1025
+		{
1026
+			"name": "sched_get_priority_min",
1027
+			"action": 4,
1028
+			"args": []
1029
+		},
1030
+		{
1031
+			"name": "sched_getscheduler",
1032
+			"action": 4,
1033
+			"args": []
1034
+		},
1035
+		{
1036
+			"name": "sched_rr_get_interval",
1037
+			"action": 4,
1038
+			"args": []
1039
+		},
1040
+		{
1041
+			"name": "sched_setaffinity",
1042
+			"action": 4,
1043
+			"args": []
1044
+		},
1045
+		{
1046
+			"name": "sched_setattr",
1047
+			"action": 4,
1048
+			"args": []
1049
+		},
1050
+		{
1051
+			"name": "sched_setparam",
1052
+			"action": 4,
1053
+			"args": []
1054
+		},
1055
+		{
1056
+			"name": "sched_setscheduler",
1057
+			"action": 4,
1058
+			"args": []
1059
+		},
1060
+		{
1061
+			"name": "sched_yield",
1062
+			"action": 4,
1063
+			"args": []
1064
+		},
1065
+		{
1066
+			"name": "seccomp",
1067
+			"action": 4,
1068
+			"args": []
1069
+		},
1070
+		{
1071
+			"name": "select",
1072
+			"action": 4,
1073
+			"args": []
1074
+		},
1075
+		{
1076
+			"name": "semctl",
1077
+			"action": 4,
1078
+			"args": []
1079
+		},
1080
+		{
1081
+			"name": "semget",
1082
+			"action": 4,
1083
+			"args": []
1084
+		},
1085
+		{
1086
+			"name": "semop",
1087
+			"action": 4,
1088
+			"args": []
1089
+		},
1090
+		{
1091
+			"name": "semtimedop",
1092
+			"action": 4,
1093
+			"args": []
1094
+		},
1095
+		{
1096
+			"name": "send",
1097
+			"action": 4,
1098
+			"args": []
1099
+		},
1100
+		{
1101
+			"name": "sendfile",
1102
+			"action": 4,
1103
+			"args": []
1104
+		},
1105
+		{
1106
+			"name": "sendfile64",
1107
+			"action": 4,
1108
+			"args": []
1109
+		},
1110
+		{
1111
+			"name": "sendmmsg",
1112
+			"action": 4,
1113
+			"args": []
1114
+		},
1115
+		{
1116
+			"name": "sendmsg",
1117
+			"action": 4,
1118
+			"args": []
1119
+		},
1120
+		{
1121
+			"name": "sendto",
1122
+			"action": 4,
1123
+			"args": []
1124
+		},
1125
+		{
1126
+			"name": "setdomainname",
1127
+			"action": 4,
1128
+			"args": []
1129
+		},
1130
+		{
1131
+			"name": "setfsgid",
1132
+			"action": 4,
1133
+			"args": []
1134
+		},
1135
+		{
1136
+			"name": "setfsgid32",
1137
+			"action": 4,
1138
+			"args": []
1139
+		},
1140
+		{
1141
+			"name": "setfsuid",
1142
+			"action": 4,
1143
+			"args": []
1144
+		},
1145
+		{
1146
+			"name": "setfsuid32",
1147
+			"action": 4,
1148
+			"args": []
1149
+		},
1150
+		{
1151
+			"name": "setgid",
1152
+			"action": 4,
1153
+			"args": []
1154
+		},
1155
+		{
1156
+			"name": "setgid32",
1157
+			"action": 4,
1158
+			"args": []
1159
+		},
1160
+		{
1161
+			"name": "setgroups",
1162
+			"action": 4,
1163
+			"args": []
1164
+		},
1165
+		{
1166
+			"name": "setgroups32",
1167
+			"action": 4,
1168
+			"args": []
1169
+		},
1170
+		{
1171
+			"name": "sethostname",
1172
+			"action": 4,
1173
+			"args": []
1174
+		},
1175
+		{
1176
+			"name": "setitimer",
1177
+			"action": 4,
1178
+			"args": []
1179
+		},
1180
+		{
1181
+			"name": "setpgid",
1182
+			"action": 4,
1183
+			"args": []
1184
+		},
1185
+		{
1186
+			"name": "setpriority",
1187
+			"action": 4,
1188
+			"args": []
1189
+		},
1190
+		{
1191
+			"name": "setregid",
1192
+			"action": 4,
1193
+			"args": []
1194
+		},
1195
+		{
1196
+			"name": "setregid32",
1197
+			"action": 4,
1198
+			"args": []
1199
+		},
1200
+		{
1201
+			"name": "setresgid",
1202
+			"action": 4,
1203
+			"args": []
1204
+		},
1205
+		{
1206
+			"name": "setresgid32",
1207
+			"action": 4,
1208
+			"args": []
1209
+		},
1210
+		{
1211
+			"name": "setresuid",
1212
+			"action": 4,
1213
+			"args": []
1214
+		},
1215
+		{
1216
+			"name": "setresuid32",
1217
+			"action": 4,
1218
+			"args": []
1219
+		},
1220
+		{
1221
+			"name": "setreuid",
1222
+			"action": 4,
1223
+			"args": []
1224
+		},
1225
+		{
1226
+			"name": "setreuid32",
1227
+			"action": 4,
1228
+			"args": []
1229
+		},
1230
+		{
1231
+			"name": "setrlimit",
1232
+			"action": 4,
1233
+			"args": []
1234
+		},
1235
+		{
1236
+			"name": "set_robust_list",
1237
+			"action": 4,
1238
+			"args": []
1239
+		},
1240
+		{
1241
+			"name": "setsid",
1242
+			"action": 4,
1243
+			"args": []
1244
+		},
1245
+		{
1246
+			"name": "setsockopt",
1247
+			"action": 4,
1248
+			"args": []
1249
+		},
1250
+		{
1251
+			"name": "set_thread_area",
1252
+			"action": 4,
1253
+			"args": []
1254
+		},
1255
+		{
1256
+			"name": "set_tid_address",
1257
+			"action": 4,
1258
+			"args": []
1259
+		},
1260
+		{
1261
+			"name": "setuid",
1262
+			"action": 4,
1263
+			"args": []
1264
+		},
1265
+		{
1266
+			"name": "setuid32",
1267
+			"action": 4,
1268
+			"args": []
1269
+		},
1270
+		{
1271
+			"name": "setxattr",
1272
+			"action": 4,
1273
+			"args": []
1274
+		},
1275
+		{
1276
+			"name": "shmat",
1277
+			"action": 4,
1278
+			"args": []
1279
+		},
1280
+		{
1281
+			"name": "shmctl",
1282
+			"action": 4,
1283
+			"args": []
1284
+		},
1285
+		{
1286
+			"name": "shmdt",
1287
+			"action": 4,
1288
+			"args": []
1289
+		},
1290
+		{
1291
+			"name": "shmget",
1292
+			"action": 4,
1293
+			"args": []
1294
+		},
1295
+		{
1296
+			"name": "shutdown",
1297
+			"action": 4,
1298
+			"args": []
1299
+		},
1300
+		{
1301
+			"name": "sigaltstack",
1302
+			"action": 4,
1303
+			"args": []
1304
+		},
1305
+		{
1306
+			"name": "signalfd",
1307
+			"action": 4,
1308
+			"args": []
1309
+		},
1310
+		{
1311
+			"name": "signalfd4",
1312
+			"action": 4,
1313
+			"args": []
1314
+		},
1315
+		{
1316
+			"name": "sigreturn",
1317
+			"action": 4,
1318
+			"args": []
1319
+		},
1320
+		{
1321
+			"name": "socket",
1322
+			"action": 4,
1323
+			"args": []
1324
+		},
1325
+		{
1326
+			"name": "socketpair",
1327
+			"action": 4,
1328
+			"args": []
1329
+		},
1330
+		{
1331
+			"name": "splice",
1332
+			"action": 4,
1333
+			"args": []
1334
+		},
1335
+		{
1336
+			"name": "stat",
1337
+			"action": 4,
1338
+			"args": []
1339
+		},
1340
+		{
1341
+			"name": "stat64",
1342
+			"action": 4,
1343
+			"args": []
1344
+		},
1345
+		{
1346
+			"name": "statfs",
1347
+			"action": 4,
1348
+			"args": []
1349
+		},
1350
+		{
1351
+			"name": "statfs64",
1352
+			"action": 4,
1353
+			"args": []
1354
+		},
1355
+		{
1356
+			"name": "symlink",
1357
+			"action": 4,
1358
+			"args": []
1359
+		},
1360
+		{
1361
+			"name": "symlinkat",
1362
+			"action": 4,
1363
+			"args": []
1364
+		},
1365
+		{
1366
+			"name": "sync",
1367
+			"action": 4,
1368
+			"args": []
1369
+		},
1370
+		{
1371
+			"name": "sync_file_range",
1372
+			"action": 4,
1373
+			"args": []
1374
+		},
1375
+		{
1376
+			"name": "syncfs",
1377
+			"action": 4,
1378
+			"args": []
1379
+		},
1380
+		{
1381
+			"name": "sysinfo",
1382
+			"action": 4,
1383
+			"args": []
1384
+		},
1385
+		{
1386
+			"name": "syslog",
1387
+			"action": 4,
1388
+			"args": []
1389
+		},
1390
+		{
1391
+			"name": "tee",
1392
+			"action": 4,
1393
+			"args": []
1394
+		},
1395
+		{
1396
+			"name": "tgkill",
1397
+			"action": 4,
1398
+			"args": []
1399
+		},
1400
+		{
1401
+			"name": "time",
1402
+			"action": 4,
1403
+			"args": []
1404
+		},
1405
+		{
1406
+			"name": "timer_create",
1407
+			"action": 4,
1408
+			"args": []
1409
+		},
1410
+		{
1411
+			"name": "timer_delete",
1412
+			"action": 4,
1413
+			"args": []
1414
+		},
1415
+		{
1416
+			"name": "timerfd_create",
1417
+			"action": 4,
1418
+			"args": []
1419
+		},
1420
+		{
1421
+			"name": "timerfd_gettime",
1422
+			"action": 4,
1423
+			"args": []
1424
+		},
1425
+		{
1426
+			"name": "timerfd_settime",
1427
+			"action": 4,
1428
+			"args": []
1429
+		},
1430
+		{
1431
+			"name": "timer_getoverrun",
1432
+			"action": 4,
1433
+			"args": []
1434
+		},
1435
+		{
1436
+			"name": "timer_gettime",
1437
+			"action": 4,
1438
+			"args": []
1439
+		},
1440
+		{
1441
+			"name": "timer_settime",
1442
+			"action": 4,
1443
+			"args": []
1444
+		},
1445
+		{
1446
+			"name": "times",
1447
+			"action": 4,
1448
+			"args": []
1449
+		},
1450
+		{
1451
+			"name": "tkill",
1452
+			"action": 4,
1453
+			"args": []
1454
+		},
1455
+		{
1456
+			"name": "truncate",
1457
+			"action": 4,
1458
+			"args": []
1459
+		},
1460
+		{
1461
+			"name": "truncate64",
1462
+			"action": 4,
1463
+			"args": []
1464
+		},
1465
+		{
1466
+			"name": "ugetrlimit",
1467
+			"action": 4,
1468
+			"args": []
1469
+		},
1470
+		{
1471
+			"name": "umask",
1472
+			"action": 4,
1473
+			"args": []
1474
+		},
1475
+		{
1476
+			"name": "uname",
1477
+			"action": 4,
1478
+			"args": []
1479
+		},
1480
+		{
1481
+			"name": "unlink",
1482
+			"action": 4,
1483
+			"args": []
1484
+		},
1485
+		{
1486
+			"name": "unlinkat",
1487
+			"action": 4,
1488
+			"args": []
1489
+		},
1490
+		{
1491
+			"name": "utime",
1492
+			"action": 4,
1493
+			"args": []
1494
+		},
1495
+		{
1496
+			"name": "utimensat",
1497
+			"action": 4,
1498
+			"args": []
1499
+		},
1500
+		{
1501
+			"name": "utimes",
1502
+			"action": 4,
1503
+			"args": []
1504
+		},
1505
+		{
1506
+			"name": "vfork",
1507
+			"action": 4,
1508
+			"args": []
1509
+		},
1510
+		{
1511
+			"name": "vhangup",
1512
+			"action": 4,
1513
+			"args": []
1514
+		},
1515
+		{
1516
+			"name": "vmsplice",
1517
+			"action": 4,
1518
+			"args": []
1519
+		},
1520
+		{
1521
+			"name": "wait4",
1522
+			"action": 4,
1523
+			"args": []
1524
+		},
1525
+		{
1526
+			"name": "waitid",
1527
+			"action": 4,
1528
+			"args": []
1529
+		},
1530
+		{
1531
+			"name": "waitpid",
1532
+			"action": 4,
1533
+			"args": []
1534
+		},
1535
+		{
1536
+			"name": "write",
1537
+			"action": 4,
1538
+			"args": []
1539
+		},
1540
+		{
1541
+			"name": "writev",
1542
+			"action": 4,
1543
+			"args": []
1544
+		},
1545
+		{
1546
+			"name": "modify_ldt",
1547
+			"action": 4,
1548
+			"args": []
1549
+		},
1550
+		{
1551
+			"name": "breakpoint",
1552
+			"action": 4,
1553
+			"args": []
1554
+		},
1555
+		{
1556
+			"name": "cacheflush",
1557
+			"action": 4,
1558
+			"args": []
1559
+		},
1560
+		{
1561
+			"name": "set_tls",
1562
+			"action": 4,
1563
+			"args": []
1564
+		}
1565
+	]
1566
+}
0 1567
\ No newline at end of file
1 1568
new file mode 100644
... ...
@@ -0,0 +1,35 @@
0
+// +build ignore
1
+
2
+package main
3
+
4
+import (
5
+	"encoding/json"
6
+	"io/ioutil"
7
+	"os"
8
+	"path/filepath"
9
+
10
+	"github.com/docker/docker/profiles/seccomp"
11
+)
12
+
13
+// saves the default seccomp profile as a json file so people can use it as a
14
+// base for their own custom profiles
15
+func main() {
16
+	wd, err := os.Getwd()
17
+	if err != nil {
18
+		panic(err)
19
+	}
20
+	f := filepath.Join(wd, "default.json")
21
+
22
+	// get the default profile
23
+	p := seccomp.GetDefaultProfile()
24
+
25
+	// write the default profile to the file
26
+	b, err := json.MarshalIndent(p, "", "\t")
27
+	if err != nil {
28
+		panic(err)
29
+	}
30
+
31
+	if err := ioutil.WriteFile(f, b, 0755); err != nil {
32
+		panic(err)
33
+	}
34
+}
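Review bot: `ioutil.WriteFile(f, b, 0755)` writes default.json with the executable bits set, which matches the `new file mode 100755` shown for the generated profile; a JSON policy file that people copy as a base for custom profiles should be written with `ioutil.WriteFile(f, b, 0644)`. The marshalled bytes also end without a newline (the page shows `\ No newline at end of file`), so `b = append(b, '\n')` before the write would keep the checked-in file stable. The output carries `action` and `op` as bare integers (`4`, `7`), which is hard to audit by eye in a security policy; whether the loader accepts symbolic names is not visible here, so that is worth confirming. The `architectures` list looks like it comes from `arches()`, whose body is outside this page, so the committed file may depend on the machine that ran `go generate`.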
... ...
@@ -11,9 +11,11 @@ import (
11 11
 	"github.com/opencontainers/runc/libcontainer/seccomp"
12 12
 )
13 13
 
14
+//go:generate go run -tags 'seccomp' generate.go
15
+
14 16
 // GetDefaultProfile returns the default seccomp profile.
15 17
 func GetDefaultProfile() *configs.Seccomp {
16
-	return defaultSeccompProfile
18
+	return defaultProfile
17 19
 }
18 20
 
19 21
 // LoadProfile takes a file path a decodes the seccomp profile.
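Review bot: The doc comment on `GetDefaultProfile` does not mention that the function can return nil or that it returns the package-level pointer itself. The unsupported-platform file in this commit documents `defaultProfile` as a nil pointer, so callers that dereference the result need a nil check, and any caller that edits the returned struct changes the default for every later caller in the process. I would extend the comment to `// GetDefaultProfile returns the default seccomp profile, or nil when seccomp is not supported on this build. The returned value is shared and must not be modified by callers.` Nothing in the visible hunks checks that default.json still matches `defaultProfile` after the whitelist changes, so a test or CI step that re-runs the `//go:generate` line and fails on a diff would keep the published profile from drifting.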
... ...
@@ -33,7 +33,8 @@ func arches() []string {
33 33
 	}
34 34
 }
35 35
 
36
-var defaultSeccompProfile = &configs.Seccomp{
36
+// defaultProfile defines the whitelist for the default seccomp profile.
37
+var defaultProfile = &configs.Seccomp{
37 38
 	DefaultAction: configs.Errno,
38 39
 	Architectures: arches(),
39 40
 	Syscalls: []*configs.Syscall{
... ...
@@ -5,5 +5,6 @@ package seccomp
5 5
 import "github.com/opencontainers/runc/libcontainer/configs"
6 6
 
7 7
 var (
8
-	defaultSeccompProfile *configs.Seccomp
8
+	// defaultProfile is a nil pointer on unsupported systems.
9
+	defaultProfile *configs.Seccomp
9 10
 )