|
 |
ab079c |
{
|
|
|
ab079c |
"defaultAction": "SCMP_ACT_ERRNO",
|
|
|
ab079c |
"archMap": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_X86_64",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_X86",
|
|
|
ab079c |
"SCMP_ARCH_X32"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_AARCH64",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_ARM"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_MIPS64",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_MIPS",
|
|
|
ab079c |
"SCMP_ARCH_MIPS64N32"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_MIPS64N32",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_MIPS",
|
|
|
ab079c |
"SCMP_ARCH_MIPS64"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_MIPSEL64",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_MIPSEL",
|
|
|
ab079c |
"SCMP_ARCH_MIPSEL64N32"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_MIPSEL64N32",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_MIPSEL",
|
|
|
ab079c |
"SCMP_ARCH_MIPSEL64"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"architecture": "SCMP_ARCH_S390X",
|
|
|
ab079c |
"subArchitectures": [
|
|
|
ab079c |
"SCMP_ARCH_S390"
|
|
|
ab079c |
]
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"syscalls": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"accept",
|
|
|
ab079c |
"accept4",
|
|
|
ab079c |
"access",
|
|
|
ab079c |
"adjtimex",
|
|
|
ab079c |
"alarm",
|
|
|
ab079c |
"bind",
|
|
|
ab079c |
"brk",
|
|
|
ab079c |
"capget",
|
|
|
ab079c |
"capset",
|
|
|
ab079c |
"chdir",
|
|
|
ab079c |
"chmod",
|
|
|
ab079c |
"chown",
|
|
|
ab079c |
"chown32",
|
|
|
ab079c |
"clock_getres",
|
|
|
ab079c |
"clock_gettime",
|
|
|
ab079c |
"clock_nanosleep",
|
|
|
ab079c |
"close",
|
|
|
ab079c |
"connect",
|
|
|
ab079c |
"copy_file_range",
|
|
|
ab079c |
"creat",
|
|
|
ab079c |
"dup",
|
|
|
ab079c |
"dup2",
|
|
|
ab079c |
"dup3",
|
|
|
ab079c |
"epoll_create",
|
|
|
ab079c |
"epoll_create1",
|
|
|
ab079c |
"epoll_ctl",
|
|
|
ab079c |
"epoll_ctl_old",
|
|
|
ab079c |
"epoll_pwait",
|
|
|
ab079c |
"epoll_wait",
|
|
|
ab079c |
"epoll_wait_old",
|
|
|
ab079c |
"eventfd",
|
|
|
ab079c |
"eventfd2",
|
|
|
ab079c |
"execve",
|
|
|
ab079c |
"execveat",
|
|
|
ab079c |
"exit",
|
|
|
ab079c |
"exit_group",
|
|
|
ab079c |
"faccessat",
|
|
|
ab079c |
"fadvise64",
|
|
|
ab079c |
"fadvise64_64",
|
|
|
ab079c |
"fallocate",
|
|
|
ab079c |
"fanotify_mark",
|
|
|
ab079c |
"fchdir",
|
|
|
ab079c |
"fchmod",
|
|
|
ab079c |
"fchmodat",
|
|
|
ab079c |
"fchown",
|
|
|
ab079c |
"fchown32",
|
|
|
ab079c |
"fchownat",
|
|
|
ab079c |
"fcntl",
|
|
|
ab079c |
"fcntl64",
|
|
|
ab079c |
"fdatasync",
|
|
|
ab079c |
"fgetxattr",
|
|
|
ab079c |
"flistxattr",
|
|
|
ab079c |
"flock",
|
|
|
ab079c |
"fork",
|
|
|
ab079c |
"fremovexattr",
|
|
|
ab079c |
"fsetxattr",
|
|
|
ab079c |
"fstat",
|
|
|
ab079c |
"fstat64",
|
|
|
ab079c |
"fstatat64",
|
|
|
ab079c |
"fstatfs",
|
|
|
ab079c |
"fstatfs64",
|
|
|
ab079c |
"fsync",
|
|
|
ab079c |
"ftruncate",
|
|
|
ab079c |
"ftruncate64",
|
|
|
ab079c |
"futex",
|
|
|
ab079c |
"futimesat",
|
|
|
ab079c |
"getcpu",
|
|
|
ab079c |
"getcwd",
|
|
|
ab079c |
"getdents",
|
|
|
ab079c |
"getdents64",
|
|
|
ab079c |
"getegid",
|
|
|
ab079c |
"getegid32",
|
|
|
ab079c |
"geteuid",
|
|
|
ab079c |
"geteuid32",
|
|
|
ab079c |
"getgid",
|
|
|
ab079c |
"getgid32",
|
|
|
ab079c |
"getgroups",
|
|
|
ab079c |
"getgroups32",
|
|
|
ab079c |
"getitimer",
|
|
|
ab079c |
"getpeername",
|
|
|
ab079c |
"getpgid",
|
|
|
ab079c |
"getpgrp",
|
|
|
ab079c |
"getpid",
|
|
|
ab079c |
"getppid",
|
|
|
ab079c |
"getpriority",
|
|
|
ab079c |
"getrandom",
|
|
|
ab079c |
"getresgid",
|
|
|
ab079c |
"getresgid32",
|
|
|
ab079c |
"getresuid",
|
|
|
ab079c |
"getresuid32",
|
|
|
ab079c |
"getrlimit",
|
|
|
ab079c |
"get_robust_list",
|
|
|
ab079c |
"getrusage",
|
|
|
ab079c |
"getsid",
|
|
|
ab079c |
"getsockname",
|
|
|
ab079c |
"getsockopt",
|
|
|
ab079c |
"get_thread_area",
|
|
|
ab079c |
"gettid",
|
|
|
ab079c |
"gettimeofday",
|
|
|
ab079c |
"getuid",
|
|
|
ab079c |
"getuid32",
|
|
|
ab079c |
"getxattr",
|
|
|
ab079c |
"inotify_add_watch",
|
|
|
ab079c |
"inotify_init",
|
|
|
ab079c |
"inotify_init1",
|
|
|
ab079c |
"inotify_rm_watch",
|
|
|
ab079c |
"io_cancel",
|
|
|
ab079c |
"ioctl",
|
|
|
ab079c |
"io_destroy",
|
|
|
ab079c |
"io_getevents",
|
|
|
ab079c |
"ioprio_get",
|
|
|
ab079c |
"ioprio_set",
|
|
|
ab079c |
"io_setup",
|
|
|
ab079c |
"io_submit",
|
|
|
ab079c |
"ipc",
|
|
|
ab079c |
"kill",
|
|
|
ab079c |
"lchown",
|
|
|
ab079c |
"lchown32",
|
|
|
ab079c |
"lgetxattr",
|
|
|
ab079c |
"link",
|
|
|
ab079c |
"linkat",
|
|
|
ab079c |
"listen",
|
|
|
ab079c |
"listxattr",
|
|
|
ab079c |
"llistxattr",
|
|
|
ab079c |
"_llseek",
|
|
|
ab079c |
"lremovexattr",
|
|
|
ab079c |
"lseek",
|
|
|
ab079c |
"lsetxattr",
|
|
|
ab079c |
"lstat",
|
|
|
ab079c |
"lstat64",
|
|
|
ab079c |
"madvise",
|
|
|
ab079c |
"memfd_create",
|
|
|
ab079c |
"mincore",
|
|
|
ab079c |
"mkdir",
|
|
|
ab079c |
"mkdirat",
|
|
|
ab079c |
"mknod",
|
|
|
ab079c |
"mknodat",
|
|
|
ab079c |
"mlock",
|
|
|
ab079c |
"mlock2",
|
|
|
ab079c |
"mlockall",
|
|
|
ab079c |
"mmap",
|
|
|
ab079c |
"mmap2",
|
|
|
ab079c |
"mprotect",
|
|
|
ab079c |
"mq_getsetattr",
|
|
|
ab079c |
"mq_notify",
|
|
|
ab079c |
"mq_open",
|
|
|
ab079c |
"mq_timedreceive",
|
|
|
ab079c |
"mq_timedsend",
|
|
|
ab079c |
"mq_unlink",
|
|
|
ab079c |
"mremap",
|
|
|
ab079c |
"msgctl",
|
|
|
ab079c |
"msgget",
|
|
|
ab079c |
"msgrcv",
|
|
|
ab079c |
"msgsnd",
|
|
|
ab079c |
"msync",
|
|
|
ab079c |
"munlock",
|
|
|
ab079c |
"munlockall",
|
|
|
ab079c |
"munmap",
|
|
|
ab079c |
"nanosleep",
|
|
|
ab079c |
"newfstatat",
|
|
|
ab079c |
"_newselect",
|
|
|
ab079c |
"open",
|
|
|
ab079c |
"openat",
|
|
|
ab079c |
"pause",
|
|
|
ab079c |
"pipe",
|
|
|
ab079c |
"pipe2",
|
|
|
ab079c |
"poll",
|
|
|
ab079c |
"ppoll",
|
|
|
ab079c |
"prctl",
|
|
|
ab079c |
"pread64",
|
|
|
ab079c |
"preadv",
|
|
|
ab079c |
"preadv2",
|
|
|
ab079c |
"prlimit64",
|
|
|
ab079c |
"pselect6",
|
|
|
ab079c |
"pwrite64",
|
|
|
ab079c |
"pwritev",
|
|
|
ab079c |
"pwritev2",
|
|
|
ab079c |
"read",
|
|
|
ab079c |
"readahead",
|
|
|
ab079c |
"readlink",
|
|
|
ab079c |
"readlinkat",
|
|
|
ab079c |
"readv",
|
|
|
ab079c |
"recv",
|
|
|
ab079c |
"recvfrom",
|
|
|
ab079c |
"recvmmsg",
|
|
|
ab079c |
"recvmsg",
|
|
|
ab079c |
"remap_file_pages",
|
|
|
ab079c |
"removexattr",
|
|
|
ab079c |
"rename",
|
|
|
ab079c |
"renameat",
|
|
|
ab079c |
"renameat2",
|
|
|
ab079c |
"restart_syscall",
|
|
|
ab079c |
"rmdir",
|
|
|
ab079c |
"rt_sigaction",
|
|
|
ab079c |
"rt_sigpending",
|
|
|
ab079c |
"rt_sigprocmask",
|
|
|
ab079c |
"rt_sigqueueinfo",
|
|
|
ab079c |
"rt_sigreturn",
|
|
|
ab079c |
"rt_sigsuspend",
|
|
|
ab079c |
"rt_sigtimedwait",
|
|
|
ab079c |
"rt_tgsigqueueinfo",
|
|
|
ab079c |
"sched_getaffinity",
|
|
|
ab079c |
"sched_getattr",
|
|
|
ab079c |
"sched_getparam",
|
|
|
ab079c |
"sched_get_priority_max",
|
|
|
ab079c |
"sched_get_priority_min",
|
|
|
ab079c |
"sched_getscheduler",
|
|
|
ab079c |
"sched_rr_get_interval",
|
|
|
ab079c |
"sched_setaffinity",
|
|
|
ab079c |
"sched_setattr",
|
|
|
ab079c |
"sched_setparam",
|
|
|
ab079c |
"sched_setscheduler",
|
|
|
ab079c |
"sched_yield",
|
|
|
ab079c |
"seccomp",
|
|
|
ab079c |
"select",
|
|
|
ab079c |
"semctl",
|
|
|
ab079c |
"semget",
|
|
|
ab079c |
"semop",
|
|
|
ab079c |
"semtimedop",
|
|
|
ab079c |
"send",
|
|
|
ab079c |
"sendfile",
|
|
|
ab079c |
"sendfile64",
|
|
|
ab079c |
"sendmmsg",
|
|
|
ab079c |
"sendmsg",
|
|
|
ab079c |
"sendto",
|
|
|
ab079c |
"setfsgid",
|
|
|
ab079c |
"setfsgid32",
|
|
|
ab079c |
"setfsuid",
|
|
|
ab079c |
"setfsuid32",
|
|
|
ab079c |
"setgid",
|
|
|
ab079c |
"setgid32",
|
|
|
ab079c |
"setgroups",
|
|
|
ab079c |
"setgroups32",
|
|
|
ab079c |
"setitimer",
|
|
|
ab079c |
"setpgid",
|
|
|
ab079c |
"setpriority",
|
|
|
ab079c |
"setregid",
|
|
|
ab079c |
"setregid32",
|
|
|
ab079c |
"setresgid",
|
|
|
ab079c |
"setresgid32",
|
|
|
ab079c |
"setresuid",
|
|
|
ab079c |
"setresuid32",
|
|
|
ab079c |
"setreuid",
|
|
|
ab079c |
"setreuid32",
|
|
|
ab079c |
"setrlimit",
|
|
|
ab079c |
"set_robust_list",
|
|
|
ab079c |
"setsid",
|
|
|
ab079c |
"setsockopt",
|
|
|
ab079c |
"set_thread_area",
|
|
|
ab079c |
"set_tid_address",
|
|
|
ab079c |
"setuid",
|
|
|
ab079c |
"setuid32",
|
|
|
ab079c |
"setxattr",
|
|
|
ab079c |
"shmat",
|
|
|
ab079c |
"shmctl",
|
|
|
ab079c |
"shmdt",
|
|
|
ab079c |
"shmget",
|
|
|
ab079c |
"shutdown",
|
|
|
ab079c |
"sigaltstack",
|
|
|
ab079c |
"signalfd",
|
|
|
ab079c |
"signalfd4",
|
|
|
ab079c |
"sigreturn",
|
|
|
ab079c |
"socket",
|
|
|
ab079c |
"socketcall",
|
|
|
ab079c |
"socketpair",
|
|
|
ab079c |
"splice",
|
|
|
ab079c |
"stat",
|
|
|
ab079c |
"stat64",
|
|
|
ab079c |
"statfs",
|
|
|
ab079c |
"statfs64",
|
|
|
ab079c |
"statx",
|
|
|
ab079c |
"symlink",
|
|
|
ab079c |
"symlinkat",
|
|
|
ab079c |
"sync",
|
|
|
ab079c |
"sync_file_range",
|
|
|
ab079c |
"syncfs",
|
|
|
ab079c |
"sysinfo",
|
|
|
ab079c |
"syslog",
|
|
|
ab079c |
"tee",
|
|
|
ab079c |
"tgkill",
|
|
|
ab079c |
"time",
|
|
|
ab079c |
"timer_create",
|
|
|
ab079c |
"timer_delete",
|
|
|
ab079c |
"timerfd_create",
|
|
|
ab079c |
"timerfd_gettime",
|
|
|
ab079c |
"timerfd_settime",
|
|
|
ab079c |
"timer_getoverrun",
|
|
|
ab079c |
"timer_gettime",
|
|
|
ab079c |
"timer_settime",
|
|
|
ab079c |
"times",
|
|
|
ab079c |
"tkill",
|
|
|
ab079c |
"truncate",
|
|
|
ab079c |
"truncate64",
|
|
|
ab079c |
"ugetrlimit",
|
|
|
ab079c |
"umask",
|
|
|
ab079c |
"uname",
|
|
|
ab079c |
"unlink",
|
|
|
ab079c |
"unlinkat",
|
|
|
ab079c |
"utime",
|
|
|
ab079c |
"utimensat",
|
|
|
ab079c |
"utimes",
|
|
|
ab079c |
"vfork",
|
|
|
ab079c |
"vmsplice",
|
|
|
ab079c |
"wait4",
|
|
|
ab079c |
"waitid",
|
|
|
ab079c |
"waitpid",
|
|
|
ab079c |
"write",
|
|
|
ab079c |
"writev",
|
|
|
ab079c |
"mount",
|
|
|
ab079c |
"umount2",
|
|
|
ab079c |
"reboot",
|
|
|
ab079c |
"name_to_handle_at",
|
|
|
ab079c |
"unshare"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"personality"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 0,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"personality"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 8,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"personality"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 131072,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"personality"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 131080,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"personality"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 4294967295,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"sync_file_range2"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"ppc64le"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"arm_fadvise64_64",
|
|
|
ab079c |
"arm_sync_file_range",
|
|
|
ab079c |
"sync_file_range2",
|
|
|
ab079c |
"breakpoint",
|
|
|
ab079c |
"cacheflush",
|
|
|
ab079c |
"set_tls"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"arm",
|
|
|
ab079c |
"arm64"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"arch_prctl"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"amd64",
|
|
|
ab079c |
"x32"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"modify_ldt"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"amd64",
|
|
|
ab079c |
"x32",
|
|
|
ab079c |
"x86"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"s390_pci_mmio_read",
|
|
|
ab079c |
"s390_pci_mmio_write",
|
|
|
ab079c |
"s390_runtime_instr"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"s390",
|
|
|
ab079c |
"s390x"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"open_by_handle_at"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_DAC_READ_SEARCH"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"bpf",
|
|
|
ab079c |
"clone",
|
|
|
ab079c |
"fanotify_init",
|
|
|
ab079c |
"lookup_dcookie",
|
|
|
ab079c |
"mount",
|
|
|
ab079c |
"name_to_handle_at",
|
|
|
ab079c |
"perf_event_open",
|
|
|
ab079c |
"quotactl",
|
|
|
ab079c |
"setdomainname",
|
|
|
ab079c |
"sethostname",
|
|
|
ab079c |
"setns",
|
|
|
ab079c |
"umount",
|
|
|
ab079c |
"umount2",
|
|
|
ab079c |
"unshare"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_ADMIN"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"clone"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 0,
|
|
|
ab079c |
"value": 2080505856,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_MASKED_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {},
|
|
|
ab079c |
"excludes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_ADMIN"
|
|
|
ab079c |
],
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"s390",
|
|
|
ab079c |
"s390x"
|
|
|
ab079c |
]
|
|
|
ab079c |
}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"clone"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [
|
|
|
ab079c |
{
|
|
|
ab079c |
"index": 1,
|
|
|
ab079c |
"value": 2080505856,
|
|
|
ab079c |
"valueTwo": 0,
|
|
|
ab079c |
"op": "SCMP_CMP_MASKED_EQ"
|
|
|
ab079c |
}
|
|
|
ab079c |
],
|
|
|
ab079c |
"comment": "s390 parameter ordering for clone is different",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"arches": [
|
|
|
ab079c |
"s390",
|
|
|
ab079c |
"s390x"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_ADMIN"
|
|
|
ab079c |
]
|
|
|
ab079c |
}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"reboot"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_BOOT"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"chroot"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_CHROOT"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"delete_module",
|
|
|
ab079c |
"init_module",
|
|
|
ab079c |
"finit_module",
|
|
|
ab079c |
"query_module"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_MODULE"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"get_mempolicy",
|
|
|
ab079c |
"mbind",
|
|
|
ab079c |
"name_to_handle_at",
|
|
|
ab079c |
"set_mempolicy"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_NICE"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"acct"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_PACCT"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"kcmp",
|
|
|
ab079c |
"process_vm_readv",
|
|
|
ab079c |
"process_vm_writev",
|
|
|
ab079c |
"ptrace"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_PTRACE"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"iopl",
|
|
|
ab079c |
"ioperm"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_RAWIO"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"settimeofday",
|
|
|
ab079c |
"stime",
|
|
|
ab079c |
"clock_settime"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_TIME"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
},
|
|
|
ab079c |
{
|
|
|
ab079c |
"names": [
|
|
|
ab079c |
"vhangup"
|
|
|
ab079c |
],
|
|
|
ab079c |
"action": "SCMP_ACT_ALLOW",
|
|
|
ab079c |
"args": [],
|
|
|
ab079c |
"comment": "",
|
|
|
ab079c |
"includes": {
|
|
|
ab079c |
"caps": [
|
|
|
ab079c |
"CAP_SYS_TTY_CONFIG"
|
|
|
ab079c |
]
|
|
|
ab079c |
},
|
|
|
ab079c |
"excludes": {}
|
|
|
ab079c |
}
|
|
|
ab079c |
]
|
|
|
ab079c |
}
|