|
 |
b24b4f |
{
|
|
|
b24b4f |
"defaultAction": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"defaultErrnoRet": 38,
|
|
|
b24b4f |
"defaultErrno": "ENOSYS",
|
|
|
b24b4f |
"archMap": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_X86_64",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_X86",
|
|
|
b24b4f |
"SCMP_ARCH_X32"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_AARCH64",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_ARM"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_MIPS64",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_MIPS",
|
|
|
b24b4f |
"SCMP_ARCH_MIPS64N32"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_MIPS64N32",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_MIPS",
|
|
|
b24b4f |
"SCMP_ARCH_MIPS64"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_MIPSEL64",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_MIPSEL",
|
|
|
b24b4f |
"SCMP_ARCH_MIPSEL64N32"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_MIPSEL64N32",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_MIPSEL",
|
|
|
b24b4f |
"SCMP_ARCH_MIPSEL64"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"architecture": "SCMP_ARCH_S390X",
|
|
|
b24b4f |
"subArchitectures": [
|
|
|
b24b4f |
"SCMP_ARCH_S390"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"syscalls": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"bdflush",
|
|
|
b24b4f |
"io_pgetevents",
|
|
|
b24b4f |
"kexec_file_load",
|
|
|
b24b4f |
"kexec_load",
|
|
|
b24b4f |
"migrate_pages",
|
|
|
b24b4f |
"move_pages",
|
|
|
b24b4f |
"nfsservctl",
|
|
|
b24b4f |
"nice",
|
|
|
b24b4f |
"oldfstat",
|
|
|
b24b4f |
"oldlstat",
|
|
|
b24b4f |
"oldolduname",
|
|
|
b24b4f |
"oldstat",
|
|
|
b24b4f |
"olduname",
|
|
|
b24b4f |
"pciconfig_iobase",
|
|
|
b24b4f |
"pciconfig_read",
|
|
|
b24b4f |
"pciconfig_write",
|
|
|
b24b4f |
"sgetmask",
|
|
|
b24b4f |
"ssetmask",
|
|
|
b24b4f |
"swapcontext",
|
|
|
b24b4f |
"swapoff",
|
|
|
b24b4f |
"swapon",
|
|
|
b24b4f |
"sysfs",
|
|
|
b24b4f |
"uselib",
|
|
|
b24b4f |
"userfaultfd",
|
|
|
b24b4f |
"ustat",
|
|
|
b24b4f |
"vm86",
|
|
|
b24b4f |
"vm86old",
|
|
|
b24b4f |
"vmsplice"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"_llseek",
|
|
|
b24b4f |
"_newselect",
|
|
|
b24b4f |
"accept",
|
|
|
b24b4f |
"accept4",
|
|
|
b24b4f |
"access",
|
|
|
b24b4f |
"adjtimex",
|
|
|
b24b4f |
"alarm",
|
|
|
b24b4f |
"bind",
|
|
|
b24b4f |
"brk",
|
|
|
b24b4f |
"capget",
|
|
|
b24b4f |
"capset",
|
|
|
b24b4f |
"chdir",
|
|
|
b24b4f |
"chmod",
|
|
|
b24b4f |
"chown",
|
|
|
b24b4f |
"chown32",
|
|
|
b24b4f |
"clock_adjtime",
|
|
|
b24b4f |
"clock_adjtime64",
|
|
|
b24b4f |
"clock_getres",
|
|
|
b24b4f |
"clock_getres_time64",
|
|
|
b24b4f |
"clock_gettime",
|
|
|
b24b4f |
"clock_gettime64",
|
|
|
b24b4f |
"clock_nanosleep",
|
|
|
b24b4f |
"clock_nanosleep_time64",
|
|
|
b24b4f |
"clone",
|
|
|
b24b4f |
"clone3",
|
|
|
b24b4f |
"close",
|
|
|
b24b4f |
"close_range",
|
|
|
b24b4f |
"connect",
|
|
|
b24b4f |
"copy_file_range",
|
|
|
b24b4f |
"creat",
|
|
|
b24b4f |
"dup",
|
|
|
b24b4f |
"dup2",
|
|
|
b24b4f |
"dup3",
|
|
|
b24b4f |
"epoll_create",
|
|
|
b24b4f |
"epoll_create1",
|
|
|
b24b4f |
"epoll_ctl",
|
|
|
b24b4f |
"epoll_ctl_old",
|
|
|
b24b4f |
"epoll_pwait",
|
|
|
b24b4f |
"epoll_pwait2",
|
|
|
b24b4f |
"epoll_wait",
|
|
|
b24b4f |
"epoll_wait_old",
|
|
|
b24b4f |
"eventfd",
|
|
|
b24b4f |
"eventfd2",
|
|
|
b24b4f |
"execve",
|
|
|
b24b4f |
"execveat",
|
|
|
b24b4f |
"exit",
|
|
|
b24b4f |
"exit_group",
|
|
|
b24b4f |
"faccessat",
|
|
|
b24b4f |
"faccessat2",
|
|
|
b24b4f |
"fadvise64",
|
|
|
b24b4f |
"fadvise64_64",
|
|
|
b24b4f |
"fallocate",
|
|
|
b24b4f |
"fanotify_mark",
|
|
|
b24b4f |
"fchdir",
|
|
|
b24b4f |
"fchmod",
|
|
|
b24b4f |
"fchmodat",
|
|
|
b24b4f |
"fchown",
|
|
|
b24b4f |
"fchown32",
|
|
|
b24b4f |
"fchownat",
|
|
|
b24b4f |
"fcntl",
|
|
|
b24b4f |
"fcntl64",
|
|
|
b24b4f |
"fdatasync",
|
|
|
b24b4f |
"fgetxattr",
|
|
|
b24b4f |
"flistxattr",
|
|
|
b24b4f |
"flock",
|
|
|
b24b4f |
"fork",
|
|
|
b24b4f |
"fremovexattr",
|
|
|
b24b4f |
"fsconfig",
|
|
|
b24b4f |
"fsetxattr",
|
|
|
b24b4f |
"fsmount",
|
|
|
b24b4f |
"fsopen",
|
|
|
b24b4f |
"fspick",
|
|
|
b24b4f |
"fstat",
|
|
|
b24b4f |
"fstat64",
|
|
|
b24b4f |
"fstatat64",
|
|
|
b24b4f |
"fstatfs",
|
|
|
b24b4f |
"fstatfs64",
|
|
|
b24b4f |
"fsync",
|
|
|
b24b4f |
"ftruncate",
|
|
|
b24b4f |
"ftruncate64",
|
|
|
b24b4f |
"futex",
|
|
|
b24b4f |
"futex_time64",
|
|
|
b24b4f |
"futimesat",
|
|
|
b24b4f |
"get_robust_list",
|
|
|
b24b4f |
"get_thread_area",
|
|
|
b24b4f |
"getcpu",
|
|
|
b24b4f |
"getcwd",
|
|
|
b24b4f |
"getdents",
|
|
|
b24b4f |
"getdents64",
|
|
|
b24b4f |
"getegid",
|
|
|
b24b4f |
"getegid32",
|
|
|
b24b4f |
"geteuid",
|
|
|
b24b4f |
"geteuid32",
|
|
|
b24b4f |
"getgid",
|
|
|
b24b4f |
"getgid32",
|
|
|
b24b4f |
"getgroups",
|
|
|
b24b4f |
"getgroups32",
|
|
|
b24b4f |
"getitimer",
|
|
|
b24b4f |
"get_mempolicy",
|
|
|
b24b4f |
"getpeername",
|
|
|
b24b4f |
"getpgid",
|
|
|
b24b4f |
"getpgrp",
|
|
|
b24b4f |
"getpid",
|
|
|
b24b4f |
"getppid",
|
|
|
b24b4f |
"getpriority",
|
|
|
b24b4f |
"getrandom",
|
|
|
b24b4f |
"getresgid",
|
|
|
b24b4f |
"getresgid32",
|
|
|
b24b4f |
"getresuid",
|
|
|
b24b4f |
"getresuid32",
|
|
|
b24b4f |
"getrlimit",
|
|
|
b24b4f |
"getrusage",
|
|
|
b24b4f |
"getsid",
|
|
|
b24b4f |
"getsockname",
|
|
|
b24b4f |
"getsockopt",
|
|
|
b24b4f |
"gettid",
|
|
|
b24b4f |
"gettimeofday",
|
|
|
b24b4f |
"getuid",
|
|
|
b24b4f |
"getuid32",
|
|
|
b24b4f |
"getxattr",
|
|
|
b24b4f |
"inotify_add_watch",
|
|
|
b24b4f |
"inotify_init",
|
|
|
b24b4f |
"inotify_init1",
|
|
|
b24b4f |
"inotify_rm_watch",
|
|
|
b24b4f |
"io_cancel",
|
|
|
b24b4f |
"io_destroy",
|
|
|
b24b4f |
"io_getevents",
|
|
|
b24b4f |
"io_setup",
|
|
|
b24b4f |
"io_submit",
|
|
|
b24b4f |
"ioctl",
|
|
|
b24b4f |
"ioprio_get",
|
|
|
b24b4f |
"ioprio_set",
|
|
|
b24b4f |
"ipc",
|
|
|
b24b4f |
"keyctl",
|
|
|
b24b4f |
"kill",
|
|
|
b24b4f |
"lchown",
|
|
|
b24b4f |
"lchown32",
|
|
|
b24b4f |
"lgetxattr",
|
|
|
b24b4f |
"link",
|
|
|
b24b4f |
"linkat",
|
|
|
b24b4f |
"listen",
|
|
|
b24b4f |
"listxattr",
|
|
|
b24b4f |
"llistxattr",
|
|
|
b24b4f |
"lremovexattr",
|
|
|
b24b4f |
"lseek",
|
|
|
b24b4f |
"lsetxattr",
|
|
|
b24b4f |
"lstat",
|
|
|
b24b4f |
"lstat64",
|
|
|
b24b4f |
"madvise",
|
|
|
b24b4f |
"mbind",
|
|
|
b24b4f |
"memfd_create",
|
|
|
b24b4f |
"memfd_secret",
|
|
|
b24b4f |
"mincore",
|
|
|
b24b4f |
"mkdir",
|
|
|
b24b4f |
"mkdirat",
|
|
|
b24b4f |
"mknod",
|
|
|
b24b4f |
"mknodat",
|
|
|
b24b4f |
"mlock",
|
|
|
b24b4f |
"mlock2",
|
|
|
b24b4f |
"mlockall",
|
|
|
b24b4f |
"mmap",
|
|
|
b24b4f |
"mmap2",
|
|
|
b24b4f |
"mount",
|
|
|
b24b4f |
"move_mount",
|
|
|
b24b4f |
"mprotect",
|
|
|
b24b4f |
"mq_getsetattr",
|
|
|
b24b4f |
"mq_notify",
|
|
|
b24b4f |
"mq_open",
|
|
|
b24b4f |
"mq_timedreceive",
|
|
|
b24b4f |
"mq_timedreceive_time64",
|
|
|
b24b4f |
"mq_timedsend",
|
|
|
b24b4f |
"mq_timedsend_time64",
|
|
|
b24b4f |
"mq_unlink",
|
|
|
b24b4f |
"mremap",
|
|
|
b24b4f |
"msgctl",
|
|
|
b24b4f |
"msgget",
|
|
|
b24b4f |
"msgrcv",
|
|
|
b24b4f |
"msgsnd",
|
|
|
b24b4f |
"msync",
|
|
|
b24b4f |
"munlock",
|
|
|
b24b4f |
"munlockall",
|
|
|
b24b4f |
"munmap",
|
|
|
b24b4f |
"name_to_handle_at",
|
|
|
b24b4f |
"nanosleep",
|
|
|
b24b4f |
"newfstatat",
|
|
|
b24b4f |
"open",
|
|
|
b24b4f |
"openat",
|
|
|
b24b4f |
"openat2",
|
|
|
b24b4f |
"open_tree",
|
|
|
b24b4f |
"pause",
|
|
|
b24b4f |
"pidfd_getfd",
|
|
|
b24b4f |
"pidfd_open",
|
|
|
b24b4f |
"pidfd_send_signal",
|
|
|
b24b4f |
"pipe",
|
|
|
b24b4f |
"pipe2",
|
|
|
b24b4f |
"pivot_root",
|
|
|
b24b4f |
"pkey_alloc",
|
|
|
b24b4f |
"pkey_free",
|
|
|
b24b4f |
"pkey_mprotect",
|
|
|
b24b4f |
"poll",
|
|
|
b24b4f |
"ppoll",
|
|
|
b24b4f |
"ppoll_time64",
|
|
|
b24b4f |
"prctl",
|
|
|
b24b4f |
"pread64",
|
|
|
b24b4f |
"preadv",
|
|
|
b24b4f |
"preadv2",
|
|
|
b24b4f |
"prlimit64",
|
|
|
b24b4f |
"pselect6",
|
|
|
b24b4f |
"pselect6_time64",
|
|
|
b24b4f |
"pwrite64",
|
|
|
b24b4f |
"pwritev",
|
|
|
b24b4f |
"pwritev2",
|
|
|
b24b4f |
"read",
|
|
|
b24b4f |
"readahead",
|
|
|
b24b4f |
"readdir",
|
|
|
b24b4f |
"readlink",
|
|
|
b24b4f |
"readlinkat",
|
|
|
b24b4f |
"readv",
|
|
|
b24b4f |
"reboot",
|
|
|
b24b4f |
"recv",
|
|
|
b24b4f |
"recvfrom",
|
|
|
b24b4f |
"recvmmsg",
|
|
|
b24b4f |
"recvmmsg_time64",
|
|
|
b24b4f |
"recvmsg",
|
|
|
b24b4f |
"remap_file_pages",
|
|
|
b24b4f |
"removexattr",
|
|
|
b24b4f |
"rename",
|
|
|
b24b4f |
"renameat",
|
|
|
b24b4f |
"renameat2",
|
|
|
b24b4f |
"restart_syscall",
|
|
|
b24b4f |
"rmdir",
|
|
|
b24b4f |
"rseq",
|
|
|
b24b4f |
"rt_sigaction",
|
|
|
b24b4f |
"rt_sigpending",
|
|
|
b24b4f |
"rt_sigprocmask",
|
|
|
b24b4f |
"rt_sigqueueinfo",
|
|
|
b24b4f |
"rt_sigreturn",
|
|
|
b24b4f |
"rt_sigsuspend",
|
|
|
b24b4f |
"rt_sigtimedwait",
|
|
|
b24b4f |
"rt_sigtimedwait_time64",
|
|
|
b24b4f |
"rt_tgsigqueueinfo",
|
|
|
b24b4f |
"sched_get_priority_max",
|
|
|
b24b4f |
"sched_get_priority_min",
|
|
|
b24b4f |
"sched_getaffinity",
|
|
|
b24b4f |
"sched_getattr",
|
|
|
b24b4f |
"sched_getparam",
|
|
|
b24b4f |
"sched_getscheduler",
|
|
|
b24b4f |
"sched_rr_get_interval",
|
|
|
b24b4f |
"sched_rr_get_interval_time64",
|
|
|
b24b4f |
"sched_setaffinity",
|
|
|
b24b4f |
"sched_setattr",
|
|
|
b24b4f |
"sched_setparam",
|
|
|
b24b4f |
"sched_setscheduler",
|
|
|
b24b4f |
"sched_yield",
|
|
|
b24b4f |
"seccomp",
|
|
|
b24b4f |
"select",
|
|
|
b24b4f |
"semctl",
|
|
|
b24b4f |
"semget",
|
|
|
b24b4f |
"semop",
|
|
|
b24b4f |
"semtimedop",
|
|
|
b24b4f |
"semtimedop_time64",
|
|
|
b24b4f |
"send",
|
|
|
b24b4f |
"sendfile",
|
|
|
b24b4f |
"sendfile64",
|
|
|
b24b4f |
"sendmmsg",
|
|
|
b24b4f |
"sendmsg",
|
|
|
b24b4f |
"sendto",
|
|
|
b24b4f |
"setns",
|
|
|
b24b4f |
"set_mempolicy",
|
|
|
b24b4f |
"set_robust_list",
|
|
|
b24b4f |
"set_thread_area",
|
|
|
b24b4f |
"set_tid_address",
|
|
|
b24b4f |
"setfsgid",
|
|
|
b24b4f |
"setfsgid32",
|
|
|
b24b4f |
"setfsuid",
|
|
|
b24b4f |
"setfsuid32",
|
|
|
b24b4f |
"setgid",
|
|
|
b24b4f |
"setgid32",
|
|
|
b24b4f |
"setgroups",
|
|
|
b24b4f |
"setgroups32",
|
|
|
b24b4f |
"setitimer",
|
|
|
b24b4f |
"setpgid",
|
|
|
b24b4f |
"setpriority",
|
|
|
b24b4f |
"setregid",
|
|
|
b24b4f |
"setregid32",
|
|
|
b24b4f |
"setresgid",
|
|
|
b24b4f |
"setresgid32",
|
|
|
b24b4f |
"setresuid",
|
|
|
b24b4f |
"setresuid32",
|
|
|
b24b4f |
"setreuid",
|
|
|
b24b4f |
"setreuid32",
|
|
|
b24b4f |
"setrlimit",
|
|
|
b24b4f |
"setsid",
|
|
|
b24b4f |
"setsockopt",
|
|
|
b24b4f |
"setuid",
|
|
|
b24b4f |
"setuid32",
|
|
|
b24b4f |
"setxattr",
|
|
|
b24b4f |
"shmat",
|
|
|
b24b4f |
"shmctl",
|
|
|
b24b4f |
"shmdt",
|
|
|
b24b4f |
"shmget",
|
|
|
b24b4f |
"shutdown",
|
|
|
b24b4f |
"sigaltstack",
|
|
|
b24b4f |
"signalfd",
|
|
|
b24b4f |
"signalfd4",
|
|
|
b24b4f |
"sigreturn",
|
|
|
b24b4f |
"socket",
|
|
|
b24b4f |
"socketcall",
|
|
|
b24b4f |
"socketpair",
|
|
|
b24b4f |
"splice",
|
|
|
b24b4f |
"stat",
|
|
|
b24b4f |
"stat64",
|
|
|
b24b4f |
"statfs",
|
|
|
b24b4f |
"statfs64",
|
|
|
b24b4f |
"statx",
|
|
|
b24b4f |
"symlink",
|
|
|
b24b4f |
"symlinkat",
|
|
|
b24b4f |
"sync",
|
|
|
b24b4f |
"sync_file_range",
|
|
|
b24b4f |
"syncfs",
|
|
|
b24b4f |
"sysinfo",
|
|
|
b24b4f |
"syslog",
|
|
|
b24b4f |
"tee",
|
|
|
b24b4f |
"tgkill",
|
|
|
b24b4f |
"time",
|
|
|
b24b4f |
"timer_create",
|
|
|
b24b4f |
"timer_delete",
|
|
|
b24b4f |
"timer_getoverrun",
|
|
|
b24b4f |
"timer_gettime",
|
|
|
b24b4f |
"timer_gettime64",
|
|
|
b24b4f |
"timer_settime",
|
|
|
b24b4f |
"timer_settime64",
|
|
|
b24b4f |
"timerfd_create",
|
|
|
b24b4f |
"timerfd_gettime",
|
|
|
b24b4f |
"timerfd_gettime64",
|
|
|
b24b4f |
"timerfd_settime",
|
|
|
b24b4f |
"timerfd_settime64",
|
|
|
b24b4f |
"times",
|
|
|
b24b4f |
"tkill",
|
|
|
b24b4f |
"truncate",
|
|
|
b24b4f |
"truncate64",
|
|
|
b24b4f |
"ugetrlimit",
|
|
|
b24b4f |
"umask",
|
|
|
b24b4f |
"umount",
|
|
|
b24b4f |
"umount2",
|
|
|
b24b4f |
"uname",
|
|
|
b24b4f |
"unlink",
|
|
|
b24b4f |
"unlinkat",
|
|
|
b24b4f |
"unshare",
|
|
|
b24b4f |
"utime",
|
|
|
b24b4f |
"utimensat",
|
|
|
b24b4f |
"utimensat_time64",
|
|
|
b24b4f |
"utimes",
|
|
|
b24b4f |
"vfork",
|
|
|
b24b4f |
"wait4",
|
|
|
b24b4f |
"waitid",
|
|
|
b24b4f |
"waitpid",
|
|
|
b24b4f |
"write",
|
|
|
b24b4f |
"writev"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"personality"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 0,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"personality"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 8,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"personality"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 131072,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"personality"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 131080,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"personality"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 4294967295,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"sync_file_range2"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"arches": [
|
|
|
b24b4f |
"ppc64le"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"arm_fadvise64_64",
|
|
|
b24b4f |
"arm_sync_file_range",
|
|
|
b24b4f |
"sync_file_range2",
|
|
|
b24b4f |
"breakpoint",
|
|
|
b24b4f |
"cacheflush",
|
|
|
b24b4f |
"set_tls"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"arches": [
|
|
|
b24b4f |
"arm",
|
|
|
b24b4f |
"arm64"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"arch_prctl"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"arches": [
|
|
|
b24b4f |
"amd64",
|
|
|
b24b4f |
"x32"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"modify_ldt"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"arches": [
|
|
|
b24b4f |
"amd64",
|
|
|
b24b4f |
"x32",
|
|
|
b24b4f |
"x86"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"s390_pci_mmio_read",
|
|
|
b24b4f |
"s390_pci_mmio_write",
|
|
|
b24b4f |
"s390_runtime_instr"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"arches": [
|
|
|
b24b4f |
"s390",
|
|
|
b24b4f |
"s390x"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"open_by_handle_at"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_DAC_READ_SEARCH"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"open_by_handle_at"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_DAC_READ_SEARCH"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"bpf",
|
|
|
b24b4f |
"fanotify_init",
|
|
|
b24b4f |
"lookup_dcookie",
|
|
|
b24b4f |
"perf_event_open",
|
|
|
b24b4f |
"quotactl",
|
|
|
b24b4f |
"setdomainname",
|
|
|
b24b4f |
"sethostname",
|
|
|
b24b4f |
"setns"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_ADMIN"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"bpf",
|
|
|
b24b4f |
"fanotify_init",
|
|
|
b24b4f |
"lookup_dcookie",
|
|
|
b24b4f |
"perf_event_open",
|
|
|
b24b4f |
"quotactl",
|
|
|
b24b4f |
"setdomainname",
|
|
|
b24b4f |
"sethostname",
|
|
|
b24b4f |
"setns"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_ADMIN"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"chroot"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_CHROOT"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"chroot"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_CHROOT"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"delete_module",
|
|
|
b24b4f |
"init_module",
|
|
|
b24b4f |
"finit_module",
|
|
|
b24b4f |
"query_module"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_MODULE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"delete_module",
|
|
|
b24b4f |
"init_module",
|
|
|
b24b4f |
"finit_module",
|
|
|
b24b4f |
"query_module"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_MODULE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"acct"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_PACCT"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"acct"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_PACCT"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"kcmp",
|
|
|
b24b4f |
"process_madvise",
|
|
|
b24b4f |
"process_vm_readv",
|
|
|
b24b4f |
"process_vm_writev",
|
|
|
b24b4f |
"ptrace"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_PTRACE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"kcmp",
|
|
|
b24b4f |
"process_madvise",
|
|
|
b24b4f |
"process_vm_readv",
|
|
|
b24b4f |
"process_vm_writev",
|
|
|
b24b4f |
"ptrace"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_PTRACE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"iopl",
|
|
|
b24b4f |
"ioperm"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_RAWIO"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"iopl",
|
|
|
b24b4f |
"ioperm"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_RAWIO"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"settimeofday",
|
|
|
b24b4f |
"stime",
|
|
|
b24b4f |
"clock_settime",
|
|
|
b24b4f |
"clock_settime64"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_TIME"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"settimeofday",
|
|
|
b24b4f |
"stime",
|
|
|
b24b4f |
"clock_settime",
|
|
|
b24b4f |
"clock_settime64"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_TIME"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"vhangup"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_TTY_CONFIG"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"vhangup"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_SYS_TTY_CONFIG"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 1,
|
|
|
b24b4f |
"errno": "EPERM"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"socket"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ERRNO",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 16,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 2,
|
|
|
b24b4f |
"value": 9,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_EQ"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_AUDIT_WRITE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"errnoRet": 22,
|
|
|
b24b4f |
"errno": "EINVAL"
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"socket"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 2,
|
|
|
b24b4f |
"value": 9,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_NE"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_AUDIT_WRITE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"socket"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 0,
|
|
|
b24b4f |
"value": 16,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_NE"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_AUDIT_WRITE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"socket"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": [
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"index": 2,
|
|
|
b24b4f |
"value": 9,
|
|
|
b24b4f |
"valueTwo": 0,
|
|
|
b24b4f |
"op": "SCMP_CMP_NE"
|
|
|
b24b4f |
}
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {},
|
|
|
b24b4f |
"excludes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_AUDIT_WRITE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
}
|
|
|
b24b4f |
},
|
|
|
b24b4f |
{
|
|
|
b24b4f |
"names": [
|
|
|
b24b4f |
"socket"
|
|
|
b24b4f |
],
|
|
|
b24b4f |
"action": "SCMP_ACT_ALLOW",
|
|
|
b24b4f |
"args": null,
|
|
|
b24b4f |
"comment": "",
|
|
|
b24b4f |
"includes": {
|
|
|
b24b4f |
"caps": [
|
|
|
b24b4f |
"CAP_AUDIT_WRITE"
|
|
|
b24b4f |
]
|
|
|
b24b4f |
},
|
|
|
b24b4f |
"excludes": {}
|
|
|
b24b4f |
}
|
|
|
b24b4f |
]
|
|
|
b24b4f |
}
|