hughesjr / rpms / docker

Forked from rpms/docker 4 years ago
Clone

Blame SOURCES/seccomp.json

405470
{
405470
	"defaultAction": "SCMP_ACT_ERRNO",
405470
	"archMap": [
405470
		{
405470
			"architecture": "SCMP_ARCH_X86_64",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_X86",
405470
				"SCMP_ARCH_X32"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_AARCH64",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_ARM"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_MIPS64",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_MIPS",
405470
				"SCMP_ARCH_MIPS64N32"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_MIPS64N32",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_MIPS",
405470
				"SCMP_ARCH_MIPS64"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_MIPSEL64",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_MIPSEL",
405470
				"SCMP_ARCH_MIPSEL64N32"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_MIPSEL64N32",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_MIPSEL",
405470
				"SCMP_ARCH_MIPSEL64"
405470
			]
405470
		},
405470
		{
405470
			"architecture": "SCMP_ARCH_S390X",
405470
			"subArchitectures": [
405470
				"SCMP_ARCH_S390"
405470
			]
405470
		}
405470
	],
405470
	"syscalls": [
405470
		{
405470
			"names": [
405470
				"accept",
405470
				"accept4",
405470
				"access",
405470
				"alarm",
405470
				"alarm",
405470
				"bind",
405470
				"brk",
405470
				"capget",
405470
				"capset",
405470
				"chdir",
405470
				"chmod",
405470
				"chown",
405470
				"chown32",
405470
				"clock_getres",
405470
				"clock_gettime",
405470
				"clock_nanosleep",
405470
				"close",
405470
				"connect",
405470
				"copy_file_range",
405470
				"creat",
405470
				"dup",
405470
				"dup2",
405470
				"dup3",
405470
				"epoll_create",
405470
				"epoll_create1",
405470
				"epoll_ctl",
405470
				"epoll_ctl_old",
405470
				"epoll_pwait",
405470
				"epoll_wait",
405470
				"epoll_wait_old",
405470
				"eventfd",
405470
				"eventfd2",
405470
				"execve",
405470
				"execveat",
405470
				"exit",
405470
				"exit_group",
405470
				"faccessat",
405470
				"fadvise64",
405470
				"fadvise64_64",
405470
				"fallocate",
405470
				"fanotify_mark",
405470
				"fchdir",
405470
				"fchmod",
405470
				"fchmodat",
405470
				"fchown",
405470
				"fchown32",
405470
				"fchownat",
405470
				"fcntl",
405470
				"fcntl64",
405470
				"fdatasync",
405470
				"fgetxattr",
405470
				"flistxattr",
405470
				"flock",
405470
				"fork",
405470
				"fremovexattr",
405470
				"fsetxattr",
405470
				"fstat",
405470
				"fstat64",
405470
				"fstatat64",
405470
				"fstatfs",
405470
				"fstatfs64",
405470
				"fsync",
405470
				"ftruncate",
405470
				"ftruncate64",
405470
				"futex",
405470
				"futimesat",
405470
				"getcpu",
405470
				"getcwd",
405470
				"getdents",
405470
				"getdents64",
405470
				"getegid",
405470
				"getegid32",
405470
				"geteuid",
405470
				"geteuid32",
405470
				"getgid",
405470
				"getgid32",
405470
				"getgroups",
405470
				"getgroups32",
405470
				"getitimer",
405470
				"getpeername",
405470
				"getpgid",
405470
				"getpgrp",
405470
				"getpid",
405470
				"getppid",
405470
				"getpriority",
405470
				"getrandom",
405470
				"getresgid",
405470
				"getresgid32",
405470
				"getresuid",
405470
				"getresuid32",
405470
				"getrlimit",
405470
				"get_robust_list",
405470
				"getrusage",
405470
				"getsid",
405470
				"getsockname",
405470
				"getsockopt",
405470
				"get_thread_area",
405470
				"gettid",
405470
				"gettimeofday",
405470
				"getuid",
405470
				"getuid32",
405470
				"getxattr",
405470
				"inotify_add_watch",
405470
				"inotify_init",
405470
				"inotify_init1",
405470
				"inotify_rm_watch",
405470
				"io_cancel",
405470
				"ioctl",
405470
				"io_destroy",
405470
				"io_getevents",
405470
				"ioprio_get",
405470
				"ioprio_set",
405470
				"io_setup",
405470
				"io_submit",
405470
				"ipc",
405470
				"kill",
405470
				"lchown",
405470
				"lchown32",
405470
				"lgetxattr",
405470
				"link",
405470
				"linkat",
405470
				"listen",
405470
				"listxattr",
405470
				"llistxattr",
405470
				"_llseek",
405470
				"lremovexattr",
405470
				"lseek",
405470
				"lsetxattr",
405470
				"lstat",
405470
				"lstat64",
405470
				"madvise",
405470
				"memfd_create",
405470
				"mincore",
405470
				"mkdir",
405470
				"mkdirat",
405470
				"mknod",
405470
				"mknodat",
405470
				"mlock",
405470
				"mlock2",
405470
				"mlockall",
405470
				"mmap",
405470
				"mmap2",
405470
				"mprotect",
405470
				"mq_getsetattr",
405470
				"mq_notify",
405470
				"mq_open",
405470
				"mq_timedreceive",
405470
				"mq_timedsend",
405470
				"mq_unlink",
405470
				"mremap",
405470
				"msgctl",
405470
				"msgget",
405470
				"msgrcv",
405470
				"msgsnd",
405470
				"msync",
405470
				"munlock",
405470
				"munlockall",
405470
				"munmap",
405470
				"nanosleep",
405470
				"newfstatat",
405470
				"_newselect",
405470
				"open",
405470
				"openat",
405470
				"pause",
405470
				"pipe",
405470
				"pipe2",
405470
				"poll",
405470
				"ppoll",
405470
				"prctl",
405470
				"pread64",
405470
				"preadv",
405470
				"prlimit64",
405470
				"pselect6",
405470
				"pwrite64",
405470
				"pwritev",
405470
				"read",
405470
				"readahead",
405470
				"readlink",
405470
				"readlinkat",
405470
				"readv",
405470
				"recv",
405470
				"recvfrom",
405470
				"recvmmsg",
405470
				"recvmsg",
405470
				"remap_file_pages",
405470
				"removexattr",
405470
				"rename",
405470
				"renameat",
405470
				"renameat2",
405470
				"restart_syscall",
405470
				"rmdir",
405470
				"rt_sigaction",
405470
				"rt_sigpending",
405470
				"rt_sigprocmask",
405470
				"rt_sigqueueinfo",
405470
				"rt_sigreturn",
405470
				"rt_sigsuspend",
405470
				"rt_sigtimedwait",
405470
				"rt_tgsigqueueinfo",
405470
				"sched_getaffinity",
405470
				"sched_getattr",
405470
				"sched_getparam",
405470
				"sched_get_priority_max",
405470
				"sched_get_priority_min",
405470
				"sched_getscheduler",
405470
				"sched_rr_get_interval",
405470
				"sched_setaffinity",
405470
				"sched_setattr",
405470
				"sched_setparam",
405470
				"sched_setscheduler",
405470
				"sched_yield",
405470
				"seccomp",
405470
				"select",
405470
				"semctl",
405470
				"semget",
405470
				"semop",
405470
				"semtimedop",
405470
				"send",
405470
				"sendfile",
405470
				"sendfile64",
405470
				"sendmmsg",
405470
				"sendmsg",
405470
				"sendto",
405470
				"setfsgid",
405470
				"setfsgid32",
405470
				"setfsuid",
405470
				"setfsuid32",
405470
				"setgid",
405470
				"setgid32",
405470
				"setgroups",
405470
				"setgroups32",
405470
				"setitimer",
405470
				"setpgid",
405470
				"setpriority",
405470
				"setregid",
405470
				"setregid32",
405470
				"setresgid",
405470
				"setresgid32",
405470
				"setresuid",
405470
				"setresuid32",
405470
				"setreuid",
405470
				"setreuid32",
405470
				"setrlimit",
405470
				"set_robust_list",
405470
				"setsid",
405470
				"setsockopt",
405470
				"set_thread_area",
405470
				"set_tid_address",
405470
				"setuid",
405470
				"setuid32",
405470
				"setxattr",
405470
				"shmat",
405470
				"shmctl",
405470
				"shmdt",
405470
				"shmget",
405470
				"shutdown",
405470
				"sigaltstack",
405470
				"signalfd",
405470
				"signalfd4",
405470
				"sigreturn",
405470
				"socket",
405470
				"socketcall",
405470
				"socketpair",
405470
				"splice",
405470
				"stat",
405470
				"stat64",
405470
				"statfs",
405470
				"statfs64",
405470
				"symlink",
405470
				"symlinkat",
405470
				"sync",
405470
				"sync_file_range",
405470
				"syncfs",
405470
				"sysinfo",
405470
				"syslog",
405470
				"tee",
405470
				"tgkill",
405470
				"time",
405470
				"timer_create",
405470
				"timer_delete",
405470
				"timerfd_create",
405470
				"timerfd_gettime",
405470
				"timerfd_settime",
405470
				"timer_getoverrun",
405470
				"timer_gettime",
405470
				"timer_settime",
405470
				"times",
405470
				"tkill",
405470
				"truncate",
405470
				"truncate64",
405470
				"ugetrlimit",
405470
				"umask",
405470
				"uname",
405470
				"unlink",
405470
				"unlinkat",
405470
				"utime",
405470
				"utimensat",
405470
				"utimes",
405470
				"vfork",
405470
				"vmsplice",
405470
				"wait4",
405470
				"waitid",
405470
				"waitpid",
405470
				"write",
405470
				"writev",
405470
				"mount",
405470
				"umount2",
405470
				"reboot",
405470
				"name_to_handle_at",
405470
				"unshare"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"personality"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [
405470
				{
405470
					"index": 0,
405470
					"value": 0,
405470
					"valueTwo": 0,
405470
					"op": "SCMP_CMP_EQ"
405470
				}
405470
			],
405470
			"comment": "",
405470
			"includes": {},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"personality"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [
405470
				{
405470
					"index": 0,
405470
					"value": 8,
405470
					"valueTwo": 0,
405470
					"op": "SCMP_CMP_EQ"
405470
				}
405470
			],
405470
			"comment": "",
405470
			"includes": {},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"personality"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [
405470
				{
405470
					"index": 0,
405470
					"value": 4294967295,
405470
					"valueTwo": 0,
405470
					"op": "SCMP_CMP_EQ"
405470
				}
405470
			],
405470
			"comment": "",
405470
			"includes": {},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"breakpoint",
405470
				"cacheflush",
405470
				"set_tls"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"arches": [
405470
					"arm",
405470
					"arm64"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"arch_prctl"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"arches": [
405470
					"amd64",
405470
					"x32"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"modify_ldt"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"arches": [
405470
					"amd64",
405470
					"x32",
405470
					"x86"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"s390_pci_mmio_read",
405470
				"s390_pci_mmio_write",
405470
				"s390_runtime_instr"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"arches": [
405470
					"s390",
405470
					"s390x"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"open_by_handle_at"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_DAC_READ_SEARCH"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"bpf",
405470
				"clone",
405470
				"fanotify_init",
405470
				"lookup_dcookie",
405470
				"mount",
405470
				"name_to_handle_at",
405470
				"perf_event_open",
405470
				"setdomainname",
405470
				"sethostname",
405470
				"setns",
405470
				"umount",
405470
				"umount2",
405470
				"unshare"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_ADMIN"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"clone"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [
405470
				{
405470
					"index": 0,
405470
					"value": 2080505856,
405470
					"valueTwo": 0,
405470
					"op": "SCMP_CMP_MASKED_EQ"
405470
				}
405470
			],
405470
			"comment": "",
405470
			"includes": {},
405470
			"excludes": {
405470
				"caps": [
405470
					"CAP_SYS_ADMIN"
405470
				],
405470
				"arches": [
405470
					"s390",
405470
					"s390x"
405470
				]
405470
			}
405470
		},
405470
		{
405470
			"names": [
405470
				"clone"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [
405470
				{
405470
					"index": 1,
405470
					"value": 2080505856,
405470
					"valueTwo": 0,
405470
					"op": "SCMP_CMP_MASKED_EQ"
405470
				}
405470
			],
405470
			"comment": "s390 parameter ordering for clone is different",
405470
			"includes": {
405470
				"arches": [
405470
					"s390",
405470
					"s390x"
405470
				]
405470
			},
405470
			"excludes": {
405470
				"caps": [
405470
					"CAP_SYS_ADMIN"
405470
				]
405470
			}
405470
		},
405470
		{
405470
			"names": [
405470
				"reboot"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_BOOT"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"chroot"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_CHROOT"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"delete_module",
405470
				"init_module",
405470
				"finit_module",
405470
				"query_module"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_MODULE"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"acct"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_PACCT"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"kcmp",
405470
				"process_vm_readv",
405470
				"process_vm_writev",
405470
				"ptrace"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_PTRACE"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"iopl",
405470
				"ioperm"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_RAWIO"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"settimeofday",
405470
				"stime",
405470
				"adjtimex"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_TIME"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		},
405470
		{
405470
			"names": [
405470
				"vhangup"
405470
			],
405470
			"action": "SCMP_ACT_ALLOW",
405470
			"args": [],
405470
			"comment": "",
405470
			"includes": {
405470
				"caps": [
405470
					"CAP_SYS_TTY_CONFIG"
405470
				]
405470
			},
405470
			"excludes": {}
405470
		}
405470
	]
405470
}