|
|
@@ -5,1597 +5,1597 @@ package seccomp
|
|
|
import (
|
|
|
"syscall"
|
|
|
|
|
|
- "github.com/opencontainers/runc/libcontainer/configs"
|
|
|
+ "github.com/docker/engine-api/types"
|
|
|
libseccomp "github.com/seccomp/libseccomp-golang"
|
|
|
)
|
|
|
|
|
|
-func arches() []string {
|
|
|
+func arches() []types.Arch {
|
|
|
var native, err = libseccomp.GetNativeArch()
|
|
|
if err != nil {
|
|
|
- return []string{}
|
|
|
+ return []types.Arch{}
|
|
|
}
|
|
|
var a = native.String()
|
|
|
switch a {
|
|
|
case "amd64":
|
|
|
- return []string{"amd64", "x86", "x32"}
|
|
|
+ return []types.Arch{types.ArchX86_64, types.ArchX86, types.ArchX32}
|
|
|
case "arm64":
|
|
|
- return []string{"arm64", "arm"}
|
|
|
+ return []types.Arch{types.ArchARM, types.ArchAARCH64}
|
|
|
case "mips64":
|
|
|
- return []string{"mips64", "mips64n32", "mips"}
|
|
|
+ return []types.Arch{types.ArchMIPS, types.ArchMIPS64, types.ArchMIPS64N32}
|
|
|
case "mips64n32":
|
|
|
- return []string{"mips64", "mips64n32", "mips"}
|
|
|
+ return []types.Arch{types.ArchMIPS, types.ArchMIPS64, types.ArchMIPS64N32}
|
|
|
case "mipsel64":
|
|
|
- return []string{"mipsel64", "mipsel64n32", "mipsel"}
|
|
|
+ return []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64, types.ArchMIPSEL64N32}
|
|
|
case "mipsel64n32":
|
|
|
- return []string{"mipsel64", "mipsel64n32", "mipsel"}
|
|
|
+ return []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64, types.ArchMIPSEL64N32}
|
|
|
default:
|
|
|
- return []string{a}
|
|
|
+ return []types.Arch{}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-// defaultProfile defines the whitelist for the default seccomp profile.
|
|
|
-var defaultProfile = &configs.Seccomp{
|
|
|
- DefaultAction: configs.Errno,
|
|
|
+// DefaultProfile defines the whitelist for the default seccomp profile.
|
|
|
+var DefaultProfile = &types.Seccomp{
|
|
|
+ DefaultAction: types.ActErrno,
|
|
|
Architectures: arches(),
|
|
|
- Syscalls: []*configs.Syscall{
|
|
|
+ Syscalls: []*types.Syscall{
|
|
|
{
|
|
|
Name: "accept",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "accept4",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "access",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "alarm",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "arch_prctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "bind",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "brk",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "capget",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "capset",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "chdir",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "chmod",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "chown",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "chown32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "chroot",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "clock_getres",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "clock_gettime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "clock_nanosleep",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "clone",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{
|
|
|
{
|
|
|
Index: 0,
|
|
|
Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
|
|
|
ValueTwo: 0,
|
|
|
- Op: configs.MaskEqualTo,
|
|
|
+ Op: types.OpMaskedEqual,
|
|
|
},
|
|
|
},
|
|
|
},
|
|
|
{
|
|
|
Name: "close",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "connect",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "creat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "dup",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "dup2",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "dup3",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_create",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_create1",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_ctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_ctl_old",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_pwait",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_wait",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "epoll_wait_old",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "eventfd",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "eventfd2",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "execve",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "execveat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "exit",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "exit_group",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "faccessat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fadvise64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fadvise64_64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fallocate",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fanotify_init",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fanotify_mark",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchdir",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchmod",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchmodat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchown",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchown32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fchownat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fcntl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fcntl64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fdatasync",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fgetxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "flistxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "flock",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fork",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fremovexattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fsetxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fstat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fstat64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fstatat64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fstatfs",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fstatfs64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "fsync",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ftruncate",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ftruncate64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "futex",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "futimesat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getcpu",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getcwd",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getdents",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getdents64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getegid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getegid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "geteuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "geteuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getgid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getgroups",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getgroups32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getitimer",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getpeername",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getpgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getpgrp",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getpid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getppid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getpriority",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getrandom",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getresgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getresgid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getresuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getresuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getrlimit",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "get_robust_list",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getrusage",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getsid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getsockname",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getsockopt",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "get_thread_area",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "gettid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "gettimeofday",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "getxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "inotify_add_watch",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "inotify_init",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "inotify_init1",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "inotify_rm_watch",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "io_cancel",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ioctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "io_destroy",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "io_getevents",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ioprio_get",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ioprio_set",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "io_setup",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "io_submit",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "kill",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lchown",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lchown32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lgetxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "link",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "linkat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "listen",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "listxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "llistxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "_llseek",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lremovexattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lseek",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lsetxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lstat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "lstat64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "madvise",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "memfd_create",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mincore",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mkdir",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mkdirat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mknod",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mknodat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mlock",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mlockall",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mmap",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mmap2",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mprotect",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_getsetattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_notify",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_open",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_timedreceive",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_timedsend",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mq_unlink",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "mremap",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "msgctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "msgget",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "msgrcv",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "msgsnd",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "msync",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "munlock",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "munlockall",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "munmap",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "nanosleep",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "newfstatat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "_newselect",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "open",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "openat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pause",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pipe",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pipe2",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "poll",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ppoll",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "prctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pread64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "preadv",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "prlimit64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pselect6",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pwrite64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "pwritev",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "read",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "readahead",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "readlink",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "readlinkat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "readv",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "recv",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "recvfrom",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "recvmmsg",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "recvmsg",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "remap_file_pages",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "removexattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rename",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "renameat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "renameat2",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rmdir",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigaction",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigpending",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigprocmask",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigqueueinfo",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigreturn",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigsuspend",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_sigtimedwait",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "rt_tgsigqueueinfo",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_getaffinity",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_getattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_getparam",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_get_priority_max",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_get_priority_min",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_getscheduler",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_rr_get_interval",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_setaffinity",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_setattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_setparam",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_setscheduler",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sched_yield",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "seccomp",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "select",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "semctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "semget",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "semop",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "semtimedop",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "send",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sendfile",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sendfile64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sendmmsg",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sendmsg",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sendto",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setdomainname",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setfsgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setfsgid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setfsuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setfsuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setgid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setgroups",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setgroups32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sethostname",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setitimer",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setpgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setpriority",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setregid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setregid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setresgid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setresgid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setresuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setresuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setreuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setreuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setrlimit",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "set_robust_list",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setsid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setsockopt",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "set_thread_area",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "set_tid_address",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setuid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setuid32",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "setxattr",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "shmat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "shmctl",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "shmdt",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "shmget",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "shutdown",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sigaltstack",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "signalfd",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "signalfd4",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sigreturn",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "socket",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "socketpair",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "splice",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "stat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "stat64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "statfs",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "statfs64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "symlink",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "symlinkat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sync",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sync_file_range",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "syncfs",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "sysinfo",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "syslog",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "tee",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "tgkill",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "time",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timer_create",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timer_delete",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timerfd_create",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timerfd_gettime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timerfd_settime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timer_getoverrun",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timer_gettime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "timer_settime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "times",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "tkill",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "truncate",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "truncate64",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "ugetrlimit",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "umask",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "uname",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "unlink",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "unlinkat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "utime",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "utimensat",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "utimes",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "vfork",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "vhangup",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "vmsplice",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "wait4",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "waitid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "waitpid",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "write",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "writev",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
// i386 specific syscalls
|
|
|
{
|
|
|
Name: "modify_ldt",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
// arm specific syscalls
|
|
|
{
|
|
|
Name: "breakpoint",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "cacheflush",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
{
|
|
|
Name: "set_tls",
|
|
|
- Action: configs.Allow,
|
|
|
- Args: []*configs.Arg{},
|
|
|
+ Action: types.ActAllow,
|
|
|
+ Args: []*types.Arg{},
|
|
|
},
|
|
|
},
|
|
|
}
|
Brian Goff