Merge pull request #2928 from topimiettinen/seccomp-more-groups

Add further seccomp groups
author: netblue30 <netblue30@yahoo.com> 2019-08-29 14:50:57 -0500
committer: GitHub <noreply@github.com> 2019-08-29 14:50:57 -0500
commit: c80831aa7596e5937d4fd7650877bc83c43453e2 (patch)
tree: d77ad00b620d00b2aa545b7e556a902eb8f62f9f /src/fseccomp
parent: fix previous merge (diff)
parent: Add further seccomp groups (diff)
download: firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.tar.gz
firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.tar.zst
firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.zip
1 files changed, 992 insertions, 4 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index d31b719d6..5d83786bb 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -50,6 +50,99 @@ static const SyscallEntry syslist[] = {
 }; // end of syslist
 static const SyscallGroupList sysgroups[] = {
+        { .name = "@aio", .list =
+#ifdef SYS_io_cancel
+          "io_cancel,"
+#endif
+#ifdef SYS_io_destroy
+          "io_destroy,"
+#endif
+#ifdef SYS_io_getevents
+          "io_getevents,"
+#endif
+#ifdef SYS_io_pgetevents
+          "io_pgetevents,"
+#endif
+#ifdef SYS_io_setup
+          "io_setup,"
+#endif
+#ifdef SYS_io_submit
+          "io_submit"
+#endif
+        },
+        { .name = "@basic-io", .list =
+#ifdef SYS__llseek
+          "_llseek,"
+#endif
+#ifdef SYS_close
+          "close,"
+#endif
+#ifdef SYS_dup
+          "dup,"
+#endif
+#ifdef SYS_dup2
+          "dup2,"
+#endif
+#ifdef SYS_dup3
+          "dup3,"
+#endif
+#ifdef SYS_lseek
+          "lseek,"
+#endif
+#ifdef SYS_pread64
+          "pread64,"
+#endif
+#ifdef SYS_preadv
+          "preadv,"
+#endif
+#ifdef SYS_preadv2
+          "preadv2,"
+#endif
+#ifdef SYS_pwrite64
+          "pwrite64,"
+#endif
+#ifdef SYS_pwritev
+          "pwritev,"
+#endif
+#ifdef SYS_pwritev2
+          "pwritev2,"
+#endif
+#ifdef SYS_read
+          "read,"
+#endif
+#ifdef SYS_readv
+          "readv,"
+#endif
+#ifdef SYS_write
+          "write,"
+#endif
+#ifdef SYS_writev
+          "writev"
+#endif
+        },
+        { .name = "@chown", .list =
+#ifdef SYS_chown
+          "chown,"
+#endif
+#ifdef SYS_chown32
+          "chown32,"
+#endif
+#ifdef SYS_fchown
+          "fchown,"
+#endif
+#ifdef SYS_fchown32
+          "fchown32,"
+#endif
+#ifdef SYS_fchownat
+          "fchownat,"
+#endif
+#ifdef SYS_lchown
+          "lchown,"
+#endif
+#ifdef SYS_lchown32
+          "lchown32"
+#endif
+        },
        { .name = "@clock", .list =
 #ifdef SYS_adjtimex
          "adjtimex,"
@@ -190,6 +283,382 @@ static const SyscallGroupList sysgroups[] = {
          "execve,"
          "prctl"
        },
+        { .name = "@file-system", .list =
+#ifdef SYS_access
+          "access,"
+#endif
+#ifdef SYS_chdir
+          "chdir,"
+#endif
+#ifdef SYS_chmod
+          "chmod,"
+#endif
+#ifdef SYS_close
+          "close,"
+#endif
+#ifdef SYS_creat
+          "creat,"
+#endif
+#ifdef SYS_faccessat
+          "faccessat,"
+#endif
+#ifdef SYS_fallocate
+          "fallocate,"
+#endif
+#ifdef SYS_fchdir
+          "fchdir,"
+#endif
+#ifdef SYS_fchmod
+          "fchmod,"
+#endif
+#ifdef SYS_fchmodat
+          "fchmodat,"
+#endif
+#ifdef SYS_fcntl
+          "fcntl,"
+#endif
+#ifdef SYS_fcntl64
+          "fcntl64,"
+#endif
+#ifdef SYS_fgetxattr
+          "fgetxattr,"
+#endif
+#ifdef SYS_flistxattr
+          "flistxattr,"
+#endif
+#ifdef SYS_fremovexattr
+          "fremovexattr,"
+#endif
+#ifdef SYS_fsetxattr
+          "fsetxattr,"
+#endif
+#ifdef SYS_fstat
+          "fstat,"
+#endif
+#ifdef SYS_fstat64
+          "fstat64,"
+#endif
+#ifdef SYS_fstatat64
+          "fstatat64,"
+#endif
+#ifdef SYS_fstatfs
+          "fstatfs,"
+#endif
+#ifdef SYS_fstatfs64
+          "fstatfs64,"
+#endif
+#ifdef SYS_ftruncate
+          "ftruncate,"
+#endif
+#ifdef SYS_ftruncate64
+          "ftruncate64,"
+#endif
+#ifdef SYS_futimesat
+          "futimesat,"
+#endif
+#ifdef SYS_getcwd
+          "getcwd,"
+#endif
+#ifdef SYS_getdents
+          "getdents,"
+#endif
+#ifdef SYS_getdents64
+          "getdents64,"
+#endif
+#ifdef SYS_getxattr
+          "getxattr,"
+#endif
+#ifdef SYS_inotify_add_watch
+          "inotify_add_watch,"
+#endif
+#ifdef SYS_inotify_init
+          "inotify_init,"
+#endif
+#ifdef SYS_inotify_init1
+          "inotify_init1,"
+#endif
+#ifdef SYS_inotify_rm_watch
+          "inotify_rm_watch,"
+#endif
+#ifdef SYS_lgetxattr
+          "lgetxattr,"
+#endif
+#ifdef SYS_link
+          "link,"
+#endif
+#ifdef SYS_linkat
+          "linkat,"
+#endif
+#ifdef SYS_listxattr
+          "listxattr,"
+#endif
+#ifdef SYS_llistxattr
+          "llistxattr,"
+#endif
+#ifdef SYS_lremovexattr
+          "lremovexattr,"
+#endif
+#ifdef SYS_lsetxattr
+          "lsetxattr,"
+#endif
+#ifdef SYS_lstat
+          "lstat,"
+#endif
+#ifdef SYS_lstat64
+          "lstat64,"
+#endif
+#ifdef SYS_mkdir
+          "mkdir,"
+#endif
+#ifdef SYS_mkdirat
+          "mkdirat,"
+#endif
+#ifdef SYS_mknod
+          "mknod,"
+#endif
+#ifdef SYS_mknodat
+          "mknodat,"
+#endif
+#ifdef SYS_mmap
+          "mmap,"
+#endif
+#ifdef SYS_mmap2
+          "mmap2,"
+#endif
+#ifdef SYS_munmap
+          "munmap,"
+#endif
+#ifdef SYS_newfstatat
+          "newfstatat,"
+#endif
+#ifdef SYS_oldfstat
+          "oldfstat,"
+#endif
+#ifdef SYS_oldlstat
+          "oldlstat,"
+#endif
+#ifdef SYS_oldstat
+          "oldstat,"
+#endif
+#ifdef SYS_open
+          "open,"
+#endif
+#ifdef SYS_openat
+          "openat,"
+#endif
+#ifdef SYS_readlink
+          "readlink,"
+#endif
+#ifdef SYS_readlinkat
+          "readlinkat,"
+#endif
+#ifdef SYS_removexattr
+          "removexattr,"
+#endif
+#ifdef SYS_rename
+          "rename,"
+#endif
+#ifdef SYS_renameat
+          "renameat,"
+#endif
+#ifdef SYS_renameat2
+          "renameat2,"
+#endif
+#ifdef SYS_rmdir
+          "rmdir,"
+#endif
+#ifdef SYS_setxattr
+          "setxattr,"
+#endif
+#ifdef SYS_stat
+          "stat,"
+#endif
+#ifdef SYS_stat64
+          "stat64,"
+#endif
+#ifdef SYS_statfs
+          "statfs,"
+#endif
+#ifdef SYS_statfs64
+          "statfs64,"
+#endif
+#ifdef SYS_statx
+          "statx,"
+#endif
+#ifdef SYS_symlink
+          "symlink,"
+#endif
+#ifdef SYS_symlinkat
+          "symlinkat,"
+#endif
+#ifdef SYS_truncate
+          "truncate,"
+#endif
+#ifdef SYS_truncate64
+          "truncate64,"
+#endif
+#ifdef SYS_unlink
+          "unlink,"
+#endif
+#ifdef SYS_unlinkat
+          "unlinkat,"
+#endif
+#ifdef SYS_utime
+          "utime,"
+#endif
+#ifdef SYS_utimensat
+          "utimensat,"
+#endif
+#ifdef SYS_utimes
+          "utimes"
+#endif
+        },
+        { .name = "@io-event", .list =
+#ifdef SYS__newselect
+          "_newselect,"
+#endif
+#ifdef SYS_epoll_create
+          "epoll_create,"
+#endif
+#ifdef SYS_epoll_create1
+          "epoll_create1,"
+#endif
+#ifdef SYS_epoll_ctl
+          "epoll_ctl,"
+#endif
+#ifdef SYS_epoll_ctl_old
+          "epoll_ctl_old,"
+#endif
+#ifdef SYS_epoll_pwait
+          "epoll_pwait,"
+#endif
+#ifdef SYS_epoll_wait
+          "epoll_wait,"
+#endif
+#ifdef SYS_epoll_wait_old
+          "epoll_wait_old,"
+#endif
+#ifdef SYS_eventfd
+          "eventfd,"
+#endif
+#ifdef SYS_eventfd2
+          "eventfd2,"
+#endif
+#ifdef SYS_poll
+          "poll,"
+#endif
+#ifdef SYS_ppoll
+          "ppoll,"
+#endif
+#ifdef SYS_pselect6
+          "pselect6,"
+#endif
+#ifdef SYS_select
+          "select"
+#endif
+        },
+        { .name = "@ipc", .list =
+#ifdef SYS_ipc
+          "ipc,"
+#endif
+#ifdef SYS_memfd_create
+          "memfd_create,"
+#endif
+#ifdef SYS_mq_getsetattr
+          "mq_getsetattr,"
+#endif
+#ifdef SYS_mq_notify
+          "mq_notify,"
+#endif
+#ifdef SYS_mq_open
+          "mq_open,"
+#endif
+#ifdef SYS_mq_timedreceive
+          "mq_timedreceive,"
+#endif
+#ifdef SYS_mq_timedsend
+          "mq_timedsend,"
+#endif
+#ifdef SYS_mq_unlink
+          "mq_unlink,"
+#endif
+#ifdef SYS_msgctl
+          "msgctl,"
+#endif
+#ifdef SYS_msgget
+          "msgget,"
+#endif
+#ifdef SYS_msgrcv
+          "msgrcv,"
+#endif
+#ifdef SYS_msgsnd
+          "msgsnd,"
+#endif
+#ifdef SYS_pipe
+          "pipe,"
+#endif
+#ifdef SYS_pipe2
+          "pipe2,"
+#endif
+#ifdef SYS_process_vm_readv
+          "process_vm_readv,"
+#endif
+#ifdef SYS_process_vm_writev
+          "process_vm_writev,"
+#endif
+#ifdef SYS_semctl
+          "semctl,"
+#endif
+#ifdef SYS_semget
+          "semget,"
+#endif
+#ifdef SYS_semop
+          "semop,"
+#endif
+#ifdef SYS_semtimedop
+          "semtimedop,"
+#endif
+#ifdef SYS_shmat
+          "shmat,"
+#endif
+#ifdef SYS_shmctl
+          "shmctl,"
+#endif
+#ifdef SYS_shmdt
+          "shmdt,"
+#endif
+#ifdef SYS_shmget
+          "shmget"
+#endif
+        },
+        { .name = "@keyring", .list =
+#ifdef SYS_add_key
+          "add_key,"
+#endif
+#ifdef SYS_keyctl
+          "keyctl,"
+#endif
+#ifdef SYS_request_key
+          "request_key"
+#endif
+        },
+        { .name = "@memlock", .list =
+#ifdef SYS_mlock
+          "mlock,"
+#endif
+#ifdef SYS_mlock2
+          "mlock2,"
+#endif
+#ifdef SYS_mlockall
+          "mlockall,"
+#endif
+#ifdef SYS_munlock
+          "munlock,"
+#endif
+#ifdef SYS_munlockall
+          "munlockall"
+#endif
+        },
        { .name = "@module", .list =
 #ifdef SYS_delete_module
          "delete_module,"
@@ -201,6 +670,88 @@ static const SyscallGroupList sysgroups[] = {
          "init_module"
 #endif
        },
+        { .name = "@mount", .list =
+#ifdef SYS_chroot
+          "chroot,"
+#endif
+#ifdef SYS_mount
+          "mount,"
+#endif
+#ifdef SYS_pivot_root
+          "pivot_root,"
+#endif
+#ifdef SYS_umount
+          "umount,"
+#endif
+#ifdef SYS_umount2
+          "umount2"
+#endif
+        },
+        { .name = "@network-io", .list =
+#ifdef SYS_accept
+          "accept,"
+#endif
+#ifdef SYS_accept4
+          "accept4,"
+#endif
+#ifdef SYS_bind
+          "bind,"
+#endif
+#ifdef SYS_connect
+          "connect,"
+#endif
+#ifdef SYS_getpeername
+          "getpeername,"
+#endif
+#ifdef SYS_getsockname
+          "getsockname,"
+#endif
+#ifdef SYS_getsockopt
+          "getsockopt,"
+#endif
+#ifdef SYS_listen
+          "listen,"
+#endif
+#ifdef SYS_recv
+          "recv,"
+#endif
+#ifdef SYS_recvfrom
+          "recvfrom,"
+#endif
+#ifdef SYS_recvmmsg
+          "recvmmsg,"
+#endif
+#ifdef SYS_recvmsg
+          "recvmsg,"
+#endif
+#ifdef SYS_send
+          "send,"
+#endif
+#ifdef SYS_sendmmsg
+          "sendmmsg,"
+#endif
+#ifdef SYS_sendmsg
+          "sendmsg,"
+#endif
+#ifdef SYS_sendto
+          "sendto,"
+#endif
+#ifdef SYS_setsockopt
+          "setsockopt,"
+#endif
+#ifdef SYS_shutdown
+          "shutdown,"
+#endif
+#ifdef SYS_socket
+          "socket,"
+#endif
+#ifdef SYS_socketcall
+          "socketcall,"
+#endif
+#ifdef SYS_socketpair
+          "socketpair"
+#endif
+        },
        { .name = "@obsolete", .list =
 #ifdef SYS__sysctl
          "_sysctl,"
@@ -229,6 +780,9 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_gtty
          "gtty,"
 #endif
+#ifdef SYS_idle
+          "idle,"
+#endif
 #ifdef SYS_lock
          "lock,"
 #endif
@@ -282,35 +836,81 @@ static const SyscallGroupList sysgroups[] = {
 #endif
        },
        { .name = "@privileged", .list =
+          "@chown,"
          "@clock,"
          "@module,"
          "@raw-io,"
          "@reboot,"
          "@swap,"
+#ifdef SYS__sysctl
+          "_sysctl,"
+#endif
 #ifdef SYS_acct
          "acct,"
 #endif
 #ifdef SYS_bpf
          "bpf,"
 #endif
+#ifdef SYS_capset
+          "capset,"
+#endif
 #ifdef SYS_chroot
          "chroot,"
 #endif
+#ifdef SYS_fanotify_init
+          "fanotify_init,"
+#endif
 #ifdef SYS_mount
          "mount,"
 #endif
 #ifdef SYS_nfsservctl
          "nfsservctl,"
 #endif
+#ifdef SYS_open_by_handle_at
+          "open_by_handle_at,"
+#endif
 #ifdef SYS_pivot_root
          "pivot_root,"
 #endif
+#ifdef SYS_quotactl
+          "quotactl,"
+#endif
 #ifdef SYS_setdomainname
          "setdomainname,"
 #endif
+#ifdef SYS_setfsuid
+          "setfsuid,"
+#endif
+#ifdef SYS_setfsuid32
+          "setfsuid32,"
+#endif
+#ifdef SYS_setgroups
+          "setgroups,"
+#endif
+#ifdef SYS_setgroups32
+          "setgroups32,"
+#endif
 #ifdef SYS_sethostname
          "sethostname,"
 #endif
+#ifdef SYS_setresuid
+          "setresuid,"
+#endif
+#ifdef SYS_setresuid32
+          "setresuid32,"
+#endif
+#ifdef SYS_setreuid
+          "setreuid,"
+#endif
+#ifdef SYS_setreuid32
+          "setreuid32,"
+#endif
+#ifdef SYS_setuid
+          "setuid,"
+#endif
+#ifdef SYS_setuid32
+          "setuid32,"
+#endif
 #ifdef SYS_umount2
          "umount2,"
 #endif
@@ -318,6 +918,71 @@ static const SyscallGroupList sysgroups[] = {
          "vhangup"
 #endif
        },
+        { .name = "@process", .list =
+#ifdef SYS_arch_prctl
+          "arch_prctl,"
+#endif
+#ifdef SYS_capget
+          "capget,"
+#endif
+#ifdef SYS_clone
+          "clone,"
+#endif
+#ifdef SYS_execveat
+          "execveat,"
+#endif
+#ifdef SYS_fork
+          "fork,"
+#endif
+#ifdef SYS_getrusage
+          "getrusage,"
+#endif
+#ifdef SYS_kill
+          "kill,"
+#endif
+#ifdef SYS_pidfd_send_signal
+          "pidfd_send_signal,"
+#endif
+#ifdef SYS_prctl
+          "prctl,"
+#endif
+#ifdef SYS_rt_sigqueueinfo
+          "rt_sigqueueinfo,"
+#endif
+#ifdef SYS_rt_tgsigqueueinfo
+          "rt_tgsigqueueinfo,"
+#endif
+#ifdef SYS_setns
+          "setns,"
+#endif
+#ifdef SYS_swapcontext
+          "swapcontext,"
+#endif
+#ifdef SYS_tgkill
+          "tgkill,"
+#endif
+#ifdef SYS_times
+          "times,"
+#endif
+#ifdef SYS_tkill
+          "tkill,"
+#endif
+#ifdef SYS_unshare
+          "unshare,"
+#endif
+#ifdef SYS_vfork
+          "vfork,"
+#endif
+#ifdef SYS_wait4
+          "wait4,"
+#endif
+#ifdef SYS_waitid
+          "waitid,"
+#endif
+#ifdef SYS_waitpid
+          "waitpid"
+#endif
+        },
        { .name = "@raw-io", .list =
 #ifdef SYS_ioperm
          "ioperm,"
@@ -356,8 +1021,11 @@ static const SyscallGroupList sysgroups[] = {
 #endif
        },
        { .name = "@resources", .list =
-#ifdef SYS_set_mempolicy
+#ifdef SYS_ioprio_set
-          "set_mempolicy,"
+          "ioprio_set,"
+#endif
+#ifdef SYS_mbind
+          "mbind,"
 #endif
 #ifdef SYS_migrate_pages
          "migrate_pages,"
@@ -365,8 +1033,108 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_move_pages
          "move_pages,"
 #endif
-#ifdef SYS_mbind
+#ifdef SYS_nice
-          "mbind"
+          "nice,"
+#endif
+#ifdef SYS_sched_setaffinity
+          "sched_setaffinity,"
+#endif
+#ifdef SYS_sched_setattr
+          "sched_setattr,"
+#endif
+#ifdef SYS_sched_setparam
+          "sched_setparam,"
+#endif
+#ifdef SYS_sched_setscheduler
+          "sched_setscheduler,"
+#endif
+#ifdef SYS_set_mempolicy
+          "set_mempolicy"
+#endif
+        },
+        { .name = "@setuid", .list =
+#ifdef SYS_setgid
+          "setgid,"
+#endif
+#ifdef SYS_setgid32
+          "setgid32,"
+#endif
+#ifdef SYS_setgroups
+          "setgroups,"
+#endif
+#ifdef SYS_setgroups32
+          "setgroups32,"
+#endif
+#ifdef SYS_setregid
+          "setregid,"
+#endif
+#ifdef SYS_setregid32
+          "setregid32,"
+#endif
+#ifdef SYS_setresgid
+          "setresgid,"
+#endif
+#ifdef SYS_setresgid32
+          "setresgid32,"
+#endif
+#ifdef SYS_setresuid
+          "setresuid,"
+#endif
+#ifdef SYS_setresuid32
+          "setresuid32,"
+#endif
+#ifdef SYS_setreuid
+          "setreuid,"
+#endif
+#ifdef SYS_setreuid32
+          "setreuid32,"
+#endif
+#ifdef SYS_setuid
+          "setuid,"
+#endif
+#ifdef SYS_setuid32
+          "setuid32"
+#endif
+        },
+        { .name = "@signal", .list =
+#ifdef SYS_rt_sigaction
+          "rt_sigaction,"
+#endif
+#ifdef SYS_rt_sigpending
+          "rt_sigpending,"
+#endif
+#ifdef SYS_rt_sigprocmask
+          "rt_sigprocmask,"
+#endif
+#ifdef SYS_rt_sigsuspend
+          "rt_sigsuspend,"
+#endif
+#ifdef SYS_rt_sigtimedwait
+          "rt_sigtimedwait,"
+#endif
+#ifdef SYS_sigaction
+          "sigaction,"
+#endif
+#ifdef SYS_sigaltstack
+          "sigaltstack,"
+#endif
+#ifdef SYS_signal
+          "signal,"
+#endif
+#ifdef SYS_signalfd
+          "signalfd,"
+#endif
+#ifdef SYS_signalfd4
+          "signalfd4,"
+#endif
+#ifdef SYS_sigpending
+          "sigpending,"
+#endif
+#ifdef SYS_sigprocmask
+          "sigprocmask,"
+#endif
+#ifdef SYS_sigsuspend
+          "sigsuspend"
 #endif
        },
        { .name = "@swap", .list =
@@ -376,6 +1144,226 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_swapoff
          "swapoff"
 #endif
+        },
+        { .name = "@sync", .list =
+#ifdef SYS_fdatasync
+          "fdatasync,"
+#endif
+#ifdef SYS_fsync
+          "fsync,"
+#endif
+#ifdef SYS_msync
+          "msync,"
+#endif
+#ifdef SYS_sync
+          "sync,"
+#endif
+#ifdef SYS_sync_file_range
+          "sync_file_range,"
+#endif
+#ifdef SYS_sync_file_range2
+          "sync_file_range2,"
+#endif
+#ifdef SYS_syncfs
+          "syncfs"
+#endif
+        },
+        { .name = "@system-service", .list =
+          "@aio,"
+          "@basic-io,"
+          "@chown,"
+          "@default,"
+          "@file-system,"
+          "@io-event,"
+          "@ipc,"
+          "@keyring,"
+          "@memlock,"
+          "@network-io,"
+          "@process,"
+          "@resources,"
+          "@setuid,"
+          "@signal,"
+          "@sync,"
+          "@timer,"
+#ifdef SYS_brk
+          "brk,"
+#endif
+#ifdef SYS_capget
+          "capget,"
+#endif
+#ifdef SYS_capset
+          "capset,"
+#endif
+#ifdef SYS_copy_file_range
+          "copy_file_range,"
+#endif
+#ifdef SYS_fadvise64
+          "fadvise64,"
+#endif
+#ifdef SYS_fadvise64_64
+          "fadvise64_64,"
+#endif
+#ifdef SYS_flock
+          "flock,"
+#endif
+#ifdef SYS_get_mempolicy
+          "get_mempolicy,"
+#endif
+#ifdef SYS_getcpu
+          "getcpu,"
+#endif
+#ifdef SYS_getpriority
+          "getpriority,"
+#endif
+#ifdef SYS_getrandom
+          "getrandom,"
+#endif
+#ifdef SYS_ioctl
+          "ioctl,"
+#endif
+#ifdef SYS_ioprio_get
+          "ioprio_get,"
+#endif
+#ifdef SYS_kcmp
+          "kcmp,"
+#endif
+#ifdef SYS_madvise
+          "madvise,"
+#endif
+#ifdef SYS_mprotect
+          "mprotect,"
+#endif
+#ifdef SYS_mremap
+          "mremap,"
+#endif
+#ifdef SYS_name_to_handle_at
+          "name_to_handle_at,"
+#endif
+#ifdef SYS_oldolduname
+          "oldolduname,"
+#endif
+#ifdef SYS_olduname
+          "olduname,"
+#endif
+#ifdef SYS_personality
+          "personality,"
+#endif
+#ifdef SYS_readahead
+          "readahead,"
+#endif
+#ifdef SYS_readdir
+          "readdir,"
+#endif
+#ifdef SYS_remap_file_pages
+          "remap_file_pages,"
+#endif
+#ifdef SYS_sched_get_priority_max
+          "sched_get_priority_max,"
+#endif
+#ifdef SYS_sched_get_priority_min
+          "sched_get_priority_min,"
+#endif
+#ifdef SYS_sched_getaffinity
+          "sched_getaffinity,"
+#endif
+#ifdef SYS_sched_getattr
+          "sched_getattr,"
+#endif
+#ifdef SYS_sched_getparam
+          "sched_getparam,"
+#endif
+#ifdef SYS_sched_getscheduler
+          "sched_getscheduler,"
+#endif
+#ifdef SYS_sched_rr_get_interval
+          "sched_rr_get_interval,"
+#endif
+#ifdef SYS_sched_yield
+          "sched_yield,"
+#endif
+#ifdef SYS_sendfile
+          "sendfile,"
+#endif
+#ifdef SYS_sendfile64
+          "sendfile64,"
+#endif
+#ifdef SYS_setfsgid
+          "setfsgid,"
+#endif
+#ifdef SYS_setfsgid32
+          "setfsgid32,"
+#endif
+#ifdef SYS_setfsuid
+          "setfsuid,"
+#endif
+#ifdef SYS_setfsuid32
+          "setfsuid32,"
+#endif
+#ifdef SYS_setpgid
+          "setpgid,"
+#endif
+#ifdef SYS_setsid
+          "setsid,"
+#endif
+#ifdef SYS_splice
+          "splice,"
+#endif
+#ifdef SYS_sysinfo
+          "sysinfo,"
+#endif
+#ifdef SYS_tee
+          "tee,"
+#endif
+#ifdef SYS_umask
+          "umask,"
+#endif
+#ifdef SYS_uname
+          "uname,"
+#endif
+#ifdef SYS_userfaultfd
+          "userfaultfd,"
+#endif
+#ifdef SYS_vmsplice
+          "vmsplice"
+#endif
+        },
+        { .name = "@timer", .list =
+#ifdef SYS_alarm
+          "alarm,"
+#endif
+#ifdef SYS_getitimer
+          "getitimer,"
+#endif
+#ifdef SYS_setitimer
+          "setitimer,"
+#endif
+#ifdef SYS_timer_create
+          "timer_create,"
+#endif
+#ifdef SYS_timer_delete
+          "timer_delete,"
+#endif
+#ifdef SYS_timer_getoverrun
+          "timer_getoverrun,"
+#endif
+#ifdef SYS_timer_gettime
+          "timer_gettime,"
+#endif
+#ifdef SYS_timer_settime
+          "timer_settime,"
+#endif
+#ifdef SYS_timerfd_create
+          "timerfd_create,"
+#endif
+#ifdef SYS_timerfd_gettime
+          "timerfd_gettime,"
+#endif
+#ifdef SYS_timerfd_settime
+          "timerfd_settime,"
+#endif
+#ifdef SYS_times
+          "times"
+#endif
        }
 };
author	netblue30 <netblue30@yahoo.com>	2019-08-29 14:50:57 -0500
committer	GitHub <noreply@github.com>	2019-08-29 14:50:57 -0500
commit	c80831aa7596e5937d4fd7650877bc83c43453e2 (patch)
tree	d77ad00b620d00b2aa545b7e556a902eb8f62f9f /src/fseccomp
parent	fix previous merge (diff)
parent	Add further seccomp groups (diff)
download	firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.tar.gz firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.tar.zst firejail-c80831aa7596e5937d4fd7650877bc83c43453e2.zip

diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index d31b719d6..5d83786bb 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c
@@ -50,6 +50,99 @@ static const SyscallEntry syslist[] = {
50	}; // end of syslist	50	}; // end of syslist
51		51
52	static const SyscallGroupList sysgroups[] = {	52	static const SyscallGroupList sysgroups[] = {
		53	{ .name = "@aio", .list =
		54	#ifdef SYS_io_cancel
		55	"io_cancel,"
		56	#endif
		57	#ifdef SYS_io_destroy
		58	"io_destroy,"
		59	#endif
		60	#ifdef SYS_io_getevents
		61	"io_getevents,"
		62	#endif
		63	#ifdef SYS_io_pgetevents
		64	"io_pgetevents,"
		65	#endif
		66	#ifdef SYS_io_setup
		67	"io_setup,"
		68	#endif
		69	#ifdef SYS_io_submit
		70	"io_submit"
		71	#endif
		72	},
		73	{ .name = "@basic-io", .list =
		74	#ifdef SYS__llseek
		75	"_llseek,"
		76	#endif
		77	#ifdef SYS_close
		78	"close,"
		79	#endif
		80	#ifdef SYS_dup
		81	"dup,"
		82	#endif
		83	#ifdef SYS_dup2
		84	"dup2,"
		85	#endif
		86	#ifdef SYS_dup3
		87	"dup3,"
		88	#endif
		89	#ifdef SYS_lseek
		90	"lseek,"
		91	#endif
		92	#ifdef SYS_pread64
		93	"pread64,"
		94	#endif
		95	#ifdef SYS_preadv
		96	"preadv,"
		97	#endif
		98	#ifdef SYS_preadv2
		99	"preadv2,"
		100	#endif
		101	#ifdef SYS_pwrite64
		102	"pwrite64,"
		103	#endif
		104	#ifdef SYS_pwritev
		105	"pwritev,"
		106	#endif
		107	#ifdef SYS_pwritev2
		108	"pwritev2,"
		109	#endif
		110	#ifdef SYS_read
		111	"read,"
		112	#endif
		113	#ifdef SYS_readv
		114	"readv,"
		115	#endif
		116	#ifdef SYS_write
		117	"write,"
		118	#endif
		119	#ifdef SYS_writev
		120	"writev"
		121	#endif
		122	},
		123	{ .name = "@chown", .list =
		124	#ifdef SYS_chown
		125	"chown,"
		126	#endif
		127	#ifdef SYS_chown32
		128	"chown32,"
		129	#endif
		130	#ifdef SYS_fchown
		131	"fchown,"
		132	#endif
		133	#ifdef SYS_fchown32
		134	"fchown32,"
		135	#endif
		136	#ifdef SYS_fchownat
		137	"fchownat,"
		138	#endif
		139	#ifdef SYS_lchown
		140	"lchown,"
		141	#endif
		142	#ifdef SYS_lchown32
		143	"lchown32"
		144	#endif
		145	},
53	{ .name = "@clock", .list =	146	{ .name = "@clock", .list =
54	#ifdef SYS_adjtimex	147	#ifdef SYS_adjtimex
55	"adjtimex,"	148	"adjtimex,"
@@ -190,6 +283,382 @@ static const SyscallGroupList sysgroups[] = {
190	"execve,"	283	"execve,"
191	"prctl"	284	"prctl"
192	},	285	},
		286	{ .name = "@file-system", .list =
		287	#ifdef SYS_access
		288	"access,"
		289	#endif
		290	#ifdef SYS_chdir
		291	"chdir,"
		292	#endif
		293	#ifdef SYS_chmod
		294	"chmod,"
		295	#endif
		296	#ifdef SYS_close
		297	"close,"
		298	#endif
		299	#ifdef SYS_creat
		300	"creat,"
		301	#endif
		302	#ifdef SYS_faccessat
		303	"faccessat,"
		304	#endif
		305	#ifdef SYS_fallocate
		306	"fallocate,"
		307	#endif
		308	#ifdef SYS_fchdir
		309	"fchdir,"
		310	#endif
		311	#ifdef SYS_fchmod
		312	"fchmod,"
		313	#endif
		314	#ifdef SYS_fchmodat
		315	"fchmodat,"
		316	#endif
		317	#ifdef SYS_fcntl
		318	"fcntl,"
		319	#endif
		320	#ifdef SYS_fcntl64
		321	"fcntl64,"
		322	#endif
		323	#ifdef SYS_fgetxattr
		324	"fgetxattr,"
		325	#endif
		326	#ifdef SYS_flistxattr
		327	"flistxattr,"
		328	#endif
		329	#ifdef SYS_fremovexattr
		330	"fremovexattr,"
		331	#endif
		332	#ifdef SYS_fsetxattr
		333	"fsetxattr,"
		334	#endif
		335	#ifdef SYS_fstat
		336	"fstat,"
		337	#endif
		338	#ifdef SYS_fstat64
		339	"fstat64,"
		340	#endif
		341	#ifdef SYS_fstatat64
		342	"fstatat64,"
		343	#endif
		344	#ifdef SYS_fstatfs
		345	"fstatfs,"
		346	#endif
		347	#ifdef SYS_fstatfs64
		348	"fstatfs64,"
		349	#endif
		350	#ifdef SYS_ftruncate
		351	"ftruncate,"
		352	#endif
		353	#ifdef SYS_ftruncate64
		354	"ftruncate64,"
		355	#endif
		356	#ifdef SYS_futimesat
		357	"futimesat,"
		358	#endif
		359	#ifdef SYS_getcwd
		360	"getcwd,"
		361	#endif
		362	#ifdef SYS_getdents
		363	"getdents,"
		364	#endif
		365	#ifdef SYS_getdents64
		366	"getdents64,"
		367	#endif
		368	#ifdef SYS_getxattr
		369	"getxattr,"
		370	#endif
		371	#ifdef SYS_inotify_add_watch
		372	"inotify_add_watch,"
		373	#endif
		374	#ifdef SYS_inotify_init
		375	"inotify_init,"
		376	#endif
		377	#ifdef SYS_inotify_init1
		378	"inotify_init1,"
		379	#endif
		380	#ifdef SYS_inotify_rm_watch
		381	"inotify_rm_watch,"
		382	#endif
		383	#ifdef SYS_lgetxattr
		384	"lgetxattr,"
		385	#endif
		386	#ifdef SYS_link
		387	"link,"
		388	#endif
		389	#ifdef SYS_linkat
		390	"linkat,"
		391	#endif
		392	#ifdef SYS_listxattr
		393	"listxattr,"
		394	#endif
		395	#ifdef SYS_llistxattr
		396	"llistxattr,"
		397	#endif
		398	#ifdef SYS_lremovexattr
		399	"lremovexattr,"
		400	#endif
		401	#ifdef SYS_lsetxattr
		402	"lsetxattr,"
		403	#endif
		404	#ifdef SYS_lstat
		405	"lstat,"
		406	#endif
		407	#ifdef SYS_lstat64
		408	"lstat64,"
		409	#endif
		410	#ifdef SYS_mkdir
		411	"mkdir,"
		412	#endif
		413	#ifdef SYS_mkdirat
		414	"mkdirat,"
		415	#endif
		416	#ifdef SYS_mknod
		417	"mknod,"
		418	#endif
		419	#ifdef SYS_mknodat
		420	"mknodat,"
		421	#endif
		422	#ifdef SYS_mmap
		423	"mmap,"
		424	#endif
		425	#ifdef SYS_mmap2
		426	"mmap2,"
		427	#endif
		428	#ifdef SYS_munmap
		429	"munmap,"
		430	#endif
		431	#ifdef SYS_newfstatat
		432	"newfstatat,"
		433	#endif
		434	#ifdef SYS_oldfstat
		435	"oldfstat,"
		436	#endif
		437	#ifdef SYS_oldlstat
		438	"oldlstat,"
		439	#endif
		440	#ifdef SYS_oldstat
		441	"oldstat,"
		442	#endif
		443	#ifdef SYS_open
		444	"open,"
		445	#endif
		446	#ifdef SYS_openat
		447	"openat,"
		448	#endif
		449	#ifdef SYS_readlink
		450	"readlink,"
		451	#endif
		452	#ifdef SYS_readlinkat
		453	"readlinkat,"
		454	#endif
		455	#ifdef SYS_removexattr
		456	"removexattr,"
		457	#endif
		458	#ifdef SYS_rename
		459	"rename,"
		460	#endif
		461	#ifdef SYS_renameat
		462	"renameat,"
		463	#endif
		464	#ifdef SYS_renameat2
		465	"renameat2,"
		466	#endif
		467	#ifdef SYS_rmdir
		468	"rmdir,"
		469	#endif
		470	#ifdef SYS_setxattr
		471	"setxattr,"
		472	#endif
		473	#ifdef SYS_stat
		474	"stat,"
		475	#endif
		476	#ifdef SYS_stat64
		477	"stat64,"
		478	#endif
		479	#ifdef SYS_statfs
		480	"statfs,"
		481	#endif
		482	#ifdef SYS_statfs64
		483	"statfs64,"
		484	#endif
		485	#ifdef SYS_statx
		486	"statx,"
		487	#endif
		488	#ifdef SYS_symlink
		489	"symlink,"
		490	#endif
		491	#ifdef SYS_symlinkat
		492	"symlinkat,"
		493	#endif
		494	#ifdef SYS_truncate
		495	"truncate,"
		496	#endif
		497	#ifdef SYS_truncate64
		498	"truncate64,"
		499	#endif
		500	#ifdef SYS_unlink
		501	"unlink,"
		502	#endif
		503	#ifdef SYS_unlinkat
		504	"unlinkat,"
		505	#endif
		506	#ifdef SYS_utime
		507	"utime,"
		508	#endif
		509	#ifdef SYS_utimensat
		510	"utimensat,"
		511	#endif
		512	#ifdef SYS_utimes
		513	"utimes"
		514	#endif
		515	},
		516	{ .name = "@io-event", .list =
		517	#ifdef SYS__newselect
		518	"_newselect,"
		519	#endif
		520	#ifdef SYS_epoll_create
		521	"epoll_create,"
		522	#endif
		523	#ifdef SYS_epoll_create1
		524	"epoll_create1,"
		525	#endif
		526	#ifdef SYS_epoll_ctl
		527	"epoll_ctl,"
		528	#endif
		529	#ifdef SYS_epoll_ctl_old
		530	"epoll_ctl_old,"
		531	#endif
		532	#ifdef SYS_epoll_pwait
		533	"epoll_pwait,"
		534	#endif
		535	#ifdef SYS_epoll_wait
		536	"epoll_wait,"
		537	#endif
		538	#ifdef SYS_epoll_wait_old
		539	"epoll_wait_old,"
		540	#endif
		541	#ifdef SYS_eventfd
		542	"eventfd,"
		543	#endif
		544	#ifdef SYS_eventfd2
		545	"eventfd2,"
		546	#endif
		547	#ifdef SYS_poll
		548	"poll,"
		549	#endif
		550	#ifdef SYS_ppoll
		551	"ppoll,"
		552	#endif
		553	#ifdef SYS_pselect6
		554	"pselect6,"
		555	#endif
		556	#ifdef SYS_select
		557	"select"
		558	#endif
		559	},
		560	{ .name = "@ipc", .list =
		561	#ifdef SYS_ipc
		562	"ipc,"
		563	#endif
		564	#ifdef SYS_memfd_create
		565	"memfd_create,"
		566	#endif
		567	#ifdef SYS_mq_getsetattr
		568	"mq_getsetattr,"
		569	#endif
		570	#ifdef SYS_mq_notify
		571	"mq_notify,"
		572	#endif
		573	#ifdef SYS_mq_open
		574	"mq_open,"
		575	#endif
		576	#ifdef SYS_mq_timedreceive
		577	"mq_timedreceive,"
		578	#endif
		579	#ifdef SYS_mq_timedsend
		580	"mq_timedsend,"
		581	#endif
		582	#ifdef SYS_mq_unlink
		583	"mq_unlink,"
		584	#endif
		585	#ifdef SYS_msgctl
		586	"msgctl,"
		587	#endif
		588	#ifdef SYS_msgget
		589	"msgget,"
		590	#endif
		591	#ifdef SYS_msgrcv
		592	"msgrcv,"
		593	#endif
		594	#ifdef SYS_msgsnd
		595	"msgsnd,"
		596	#endif
		597	#ifdef SYS_pipe
		598	"pipe,"
		599	#endif
		600	#ifdef SYS_pipe2
		601	"pipe2,"
		602	#endif
		603	#ifdef SYS_process_vm_readv
		604	"process_vm_readv,"
		605	#endif
		606	#ifdef SYS_process_vm_writev
		607	"process_vm_writev,"
		608	#endif
		609	#ifdef SYS_semctl
		610	"semctl,"
		611	#endif
		612	#ifdef SYS_semget
		613	"semget,"
		614	#endif
		615	#ifdef SYS_semop
		616	"semop,"
		617	#endif
		618	#ifdef SYS_semtimedop
		619	"semtimedop,"
		620	#endif
		621	#ifdef SYS_shmat
		622	"shmat,"
		623	#endif
		624	#ifdef SYS_shmctl
		625	"shmctl,"
		626	#endif
		627	#ifdef SYS_shmdt
		628	"shmdt,"
		629	#endif
		630	#ifdef SYS_shmget
		631	"shmget"
		632	#endif
		633	},
		634	{ .name = "@keyring", .list =
		635	#ifdef SYS_add_key
		636	"add_key,"
		637	#endif
		638	#ifdef SYS_keyctl
		639	"keyctl,"
		640	#endif
		641	#ifdef SYS_request_key
		642	"request_key"
		643	#endif
		644	},
		645	{ .name = "@memlock", .list =
		646	#ifdef SYS_mlock
		647	"mlock,"
		648	#endif
		649	#ifdef SYS_mlock2
		650	"mlock2,"
		651	#endif
		652	#ifdef SYS_mlockall
		653	"mlockall,"
		654	#endif
		655	#ifdef SYS_munlock
		656	"munlock,"
		657	#endif
		658	#ifdef SYS_munlockall
		659	"munlockall"
		660	#endif
		661	},
193	{ .name = "@module", .list =	662	{ .name = "@module", .list =
194	#ifdef SYS_delete_module	663	#ifdef SYS_delete_module
195	"delete_module,"	664	"delete_module,"
@@ -201,6 +670,88 @@ static const SyscallGroupList sysgroups[] = {
201	"init_module"	670	"init_module"
202	#endif	671	#endif
203	},	672	},
		673	{ .name = "@mount", .list =
		674	#ifdef SYS_chroot
		675	"chroot,"
		676	#endif
		677	#ifdef SYS_mount
		678	"mount,"
		679	#endif
		680	#ifdef SYS_pivot_root
		681	"pivot_root,"
		682	#endif
		683	#ifdef SYS_umount
		684	"umount,"
		685	#endif
		686	#ifdef SYS_umount2
		687	"umount2"
		688	#endif
		689	},
		690	{ .name = "@network-io", .list =
		691	#ifdef SYS_accept
		692	"accept,"
		693	#endif
		694	#ifdef SYS_accept4
		695	"accept4,"
		696	#endif
		697	#ifdef SYS_bind
		698	"bind,"
		699	#endif
		700	#ifdef SYS_connect
		701	"connect,"
		702	#endif
		703	#ifdef SYS_getpeername
		704	"getpeername,"
		705	#endif
		706	#ifdef SYS_getsockname
		707	"getsockname,"
		708	#endif
		709	#ifdef SYS_getsockopt
		710	"getsockopt,"
		711	#endif
		712	#ifdef SYS_listen
		713	"listen,"
		714	#endif
		715	#ifdef SYS_recv
		716	"recv,"
		717	#endif
		718	#ifdef SYS_recvfrom
		719	"recvfrom,"
		720	#endif
		721	#ifdef SYS_recvmmsg
		722	"recvmmsg,"
		723	#endif
		724	#ifdef SYS_recvmsg
		725	"recvmsg,"
		726	#endif
		727	#ifdef SYS_send
		728	"send,"
		729	#endif
		730	#ifdef SYS_sendmmsg
		731	"sendmmsg,"
		732	#endif
		733	#ifdef SYS_sendmsg
		734	"sendmsg,"
		735	#endif
		736	#ifdef SYS_sendto
		737	"sendto,"
		738	#endif
		739	#ifdef SYS_setsockopt
		740	"setsockopt,"
		741	#endif
		742	#ifdef SYS_shutdown
		743	"shutdown,"
		744	#endif
		745	#ifdef SYS_socket
		746	"socket,"
		747	#endif
		748	#ifdef SYS_socketcall
		749	"socketcall,"
		750	#endif
		751	#ifdef SYS_socketpair
		752	"socketpair"
		753	#endif
		754	},
204	{ .name = "@obsolete", .list =	755	{ .name = "@obsolete", .list =
205	#ifdef SYS__sysctl	756	#ifdef SYS__sysctl
206	"_sysctl,"	757	"_sysctl,"
@@ -229,6 +780,9 @@ static const SyscallGroupList sysgroups[] = {
229	#ifdef SYS_gtty	780	#ifdef SYS_gtty
230	"gtty,"	781	"gtty,"
231	#endif	782	#endif
		783	#ifdef SYS_idle
		784	"idle,"
		785	#endif
232	#ifdef SYS_lock	786	#ifdef SYS_lock
233	"lock,"	787	"lock,"
234	#endif	788	#endif
@@ -282,35 +836,81 @@ static const SyscallGroupList sysgroups[] = {
282	#endif	836	#endif
283	},	837	},
284	{ .name = "@privileged", .list =	838	{ .name = "@privileged", .list =
		839	"@chown,"
285	"@clock,"	840	"@clock,"
286	"@module,"	841	"@module,"
287	"@raw-io,"	842	"@raw-io,"
288	"@reboot,"	843	"@reboot,"
289	"@swap,"	844	"@swap,"
		845	#ifdef SYS__sysctl
		846	"_sysctl,"
		847	#endif
290	#ifdef SYS_acct	848	#ifdef SYS_acct
291	"acct,"	849	"acct,"
292	#endif	850	#endif
293	#ifdef SYS_bpf	851	#ifdef SYS_bpf
294	"bpf,"	852	"bpf,"
295	#endif	853	#endif
		854	#ifdef SYS_capset
		855	"capset,"
		856	#endif
296	#ifdef SYS_chroot	857	#ifdef SYS_chroot
297	"chroot,"	858	"chroot,"
298	#endif	859	#endif
		860	#ifdef SYS_fanotify_init
		861	"fanotify_init,"
		862	#endif
299	#ifdef SYS_mount	863	#ifdef SYS_mount
300	"mount,"	864	"mount,"
301	#endif	865	#endif
302	#ifdef SYS_nfsservctl	866	#ifdef SYS_nfsservctl
303	"nfsservctl,"	867	"nfsservctl,"
304	#endif	868	#endif
		869	#ifdef SYS_open_by_handle_at
		870	"open_by_handle_at,"
		871	#endif
305	#ifdef SYS_pivot_root	872	#ifdef SYS_pivot_root
306	"pivot_root,"	873	"pivot_root,"
307	#endif	874	#endif
		875	#ifdef SYS_quotactl
		876	"quotactl,"
		877	#endif
308	#ifdef SYS_setdomainname	878	#ifdef SYS_setdomainname
309	"setdomainname,"	879	"setdomainname,"
310	#endif	880	#endif
		881	#ifdef SYS_setfsuid
		882	"setfsuid,"
		883	#endif
		884	#ifdef SYS_setfsuid32
		885	"setfsuid32,"
		886	#endif
		887	#ifdef SYS_setgroups
		888	"setgroups,"
		889	#endif
		890	#ifdef SYS_setgroups32
		891	"setgroups32,"
		892	#endif
311	#ifdef SYS_sethostname	893	#ifdef SYS_sethostname
312	"sethostname,"	894	"sethostname,"
313	#endif	895	#endif
		896	#ifdef SYS_setresuid
		897	"setresuid,"
		898	#endif
		899	#ifdef SYS_setresuid32
		900	"setresuid32,"
		901	#endif
		902	#ifdef SYS_setreuid
		903	"setreuid,"
		904	#endif
		905	#ifdef SYS_setreuid32
		906	"setreuid32,"
		907	#endif
		908	#ifdef SYS_setuid
		909	"setuid,"
		910	#endif
		911	#ifdef SYS_setuid32
		912	"setuid32,"
		913	#endif
314	#ifdef SYS_umount2	914	#ifdef SYS_umount2
315	"umount2,"	915	"umount2,"
316	#endif	916	#endif
@@ -318,6 +918,71 @@ static const SyscallGroupList sysgroups[] = {
318	"vhangup"	918	"vhangup"
319	#endif	919	#endif
320	},	920	},
		921	{ .name = "@process", .list =
		922	#ifdef SYS_arch_prctl
		923	"arch_prctl,"
		924	#endif
		925	#ifdef SYS_capget
		926	"capget,"
		927	#endif
		928	#ifdef SYS_clone
		929	"clone,"
		930	#endif
		931	#ifdef SYS_execveat
		932	"execveat,"
		933	#endif
		934	#ifdef SYS_fork
		935	"fork,"
		936	#endif
		937	#ifdef SYS_getrusage
		938	"getrusage,"
		939	#endif
		940	#ifdef SYS_kill
		941	"kill,"
		942	#endif
		943	#ifdef SYS_pidfd_send_signal
		944	"pidfd_send_signal,"
		945	#endif
		946	#ifdef SYS_prctl
		947	"prctl,"
		948	#endif
		949	#ifdef SYS_rt_sigqueueinfo
		950	"rt_sigqueueinfo,"
		951	#endif
		952	#ifdef SYS_rt_tgsigqueueinfo
		953	"rt_tgsigqueueinfo,"
		954	#endif
		955	#ifdef SYS_setns
		956	"setns,"
		957	#endif
		958	#ifdef SYS_swapcontext
		959	"swapcontext,"
		960	#endif
		961	#ifdef SYS_tgkill
		962	"tgkill,"
		963	#endif
		964	#ifdef SYS_times
		965	"times,"
		966	#endif
		967	#ifdef SYS_tkill
		968	"tkill,"
		969	#endif
		970	#ifdef SYS_unshare
		971	"unshare,"
		972	#endif
		973	#ifdef SYS_vfork
		974	"vfork,"
		975	#endif
		976	#ifdef SYS_wait4
		977	"wait4,"
		978	#endif
		979	#ifdef SYS_waitid
		980	"waitid,"
		981	#endif
		982	#ifdef SYS_waitpid
		983	"waitpid"
		984	#endif
		985	},
321	{ .name = "@raw-io", .list =	986	{ .name = "@raw-io", .list =
322	#ifdef SYS_ioperm	987	#ifdef SYS_ioperm
323	"ioperm,"	988	"ioperm,"
@@ -356,8 +1021,11 @@ static const SyscallGroupList sysgroups[] = {
356	#endif	1021	#endif
357	},	1022	},
358	{ .name = "@resources", .list =	1023	{ .name = "@resources", .list =
359	#ifdef SYS_set_mempolicy	1024	#ifdef SYS_ioprio_set
360	"set_mempolicy,"	1025	"ioprio_set,"
		1026	#endif
		1027	#ifdef SYS_mbind
		1028	"mbind,"
361	#endif	1029	#endif
362	#ifdef SYS_migrate_pages	1030	#ifdef SYS_migrate_pages
363	"migrate_pages,"	1031	"migrate_pages,"
@@ -365,8 +1033,108 @@ static const SyscallGroupList sysgroups[] = {
365	#ifdef SYS_move_pages	1033	#ifdef SYS_move_pages
366	"move_pages,"	1034	"move_pages,"
367	#endif	1035	#endif
368	#ifdef SYS_mbind	1036	#ifdef SYS_nice
369	"mbind"	1037	"nice,"
		1038	#endif
		1039	#ifdef SYS_sched_setaffinity
		1040	"sched_setaffinity,"
		1041	#endif
		1042	#ifdef SYS_sched_setattr
		1043	"sched_setattr,"
		1044	#endif
		1045	#ifdef SYS_sched_setparam
		1046	"sched_setparam,"
		1047	#endif
		1048	#ifdef SYS_sched_setscheduler
		1049	"sched_setscheduler,"
		1050	#endif
		1051	#ifdef SYS_set_mempolicy
		1052	"set_mempolicy"
		1053	#endif
		1054	},
		1055	{ .name = "@setuid", .list =
		1056	#ifdef SYS_setgid
		1057	"setgid,"
		1058	#endif
		1059	#ifdef SYS_setgid32
		1060	"setgid32,"
		1061	#endif
		1062	#ifdef SYS_setgroups
		1063	"setgroups,"
		1064	#endif
		1065	#ifdef SYS_setgroups32
		1066	"setgroups32,"
		1067	#endif
		1068	#ifdef SYS_setregid
		1069	"setregid,"
		1070	#endif
		1071	#ifdef SYS_setregid32
		1072	"setregid32,"
		1073	#endif
		1074	#ifdef SYS_setresgid
		1075	"setresgid,"
		1076	#endif
		1077	#ifdef SYS_setresgid32
		1078	"setresgid32,"
		1079	#endif
		1080	#ifdef SYS_setresuid
		1081	"setresuid,"
		1082	#endif
		1083	#ifdef SYS_setresuid32
		1084	"setresuid32,"
		1085	#endif
		1086	#ifdef SYS_setreuid
		1087	"setreuid,"
		1088	#endif
		1089	#ifdef SYS_setreuid32
		1090	"setreuid32,"
		1091	#endif
		1092	#ifdef SYS_setuid
		1093	"setuid,"
		1094	#endif
		1095	#ifdef SYS_setuid32
		1096	"setuid32"
		1097	#endif
		1098	},
		1099	{ .name = "@signal", .list =
		1100	#ifdef SYS_rt_sigaction
		1101	"rt_sigaction,"
		1102	#endif
		1103	#ifdef SYS_rt_sigpending
		1104	"rt_sigpending,"
		1105	#endif
		1106	#ifdef SYS_rt_sigprocmask
		1107	"rt_sigprocmask,"
		1108	#endif
		1109	#ifdef SYS_rt_sigsuspend
		1110	"rt_sigsuspend,"
		1111	#endif
		1112	#ifdef SYS_rt_sigtimedwait
		1113	"rt_sigtimedwait,"
		1114	#endif
		1115	#ifdef SYS_sigaction
		1116	"sigaction,"
		1117	#endif
		1118	#ifdef SYS_sigaltstack
		1119	"sigaltstack,"
		1120	#endif
		1121	#ifdef SYS_signal
		1122	"signal,"
		1123	#endif
		1124	#ifdef SYS_signalfd
		1125	"signalfd,"
		1126	#endif
		1127	#ifdef SYS_signalfd4
		1128	"signalfd4,"
		1129	#endif
		1130	#ifdef SYS_sigpending
		1131	"sigpending,"
		1132	#endif
		1133	#ifdef SYS_sigprocmask
		1134	"sigprocmask,"
		1135	#endif
		1136	#ifdef SYS_sigsuspend
		1137	"sigsuspend"
370	#endif	1138	#endif
371	},	1139	},
372	{ .name = "@swap", .list =	1140	{ .name = "@swap", .list =
@@ -376,6 +1144,226 @@ static const SyscallGroupList sysgroups[] = {
376	#ifdef SYS_swapoff	1144	#ifdef SYS_swapoff
377	"swapoff"	1145	"swapoff"
378	#endif	1146	#endif
		1147	},
		1148	{ .name = "@sync", .list =
		1149	#ifdef SYS_fdatasync
		1150	"fdatasync,"
		1151	#endif
		1152	#ifdef SYS_fsync
		1153	"fsync,"
		1154	#endif
		1155	#ifdef SYS_msync
		1156	"msync,"
		1157	#endif
		1158	#ifdef SYS_sync
		1159	"sync,"
		1160	#endif
		1161	#ifdef SYS_sync_file_range
		1162	"sync_file_range,"
		1163	#endif
		1164	#ifdef SYS_sync_file_range2
		1165	"sync_file_range2,"
		1166	#endif
		1167	#ifdef SYS_syncfs
		1168	"syncfs"
		1169	#endif
		1170	},
		1171	{ .name = "@system-service", .list =
		1172	"@aio,"
		1173	"@basic-io,"
		1174	"@chown,"
		1175	"@default,"
		1176	"@file-system,"
		1177	"@io-event,"
		1178	"@ipc,"
		1179	"@keyring,"
		1180	"@memlock,"
		1181	"@network-io,"
		1182	"@process,"
		1183	"@resources,"
		1184	"@setuid,"
		1185	"@signal,"
		1186	"@sync,"
		1187	"@timer,"
		1188	#ifdef SYS_brk
		1189	"brk,"
		1190	#endif
		1191	#ifdef SYS_capget
		1192	"capget,"
		1193	#endif
		1194	#ifdef SYS_capset
		1195	"capset,"
		1196	#endif
		1197	#ifdef SYS_copy_file_range
		1198	"copy_file_range,"
		1199	#endif
		1200	#ifdef SYS_fadvise64
		1201	"fadvise64,"
		1202	#endif
		1203	#ifdef SYS_fadvise64_64
		1204	"fadvise64_64,"
		1205	#endif
		1206	#ifdef SYS_flock
		1207	"flock,"
		1208	#endif
		1209	#ifdef SYS_get_mempolicy
		1210	"get_mempolicy,"
		1211	#endif
		1212	#ifdef SYS_getcpu
		1213	"getcpu,"
		1214	#endif
		1215	#ifdef SYS_getpriority
		1216	"getpriority,"
		1217	#endif
		1218	#ifdef SYS_getrandom
		1219	"getrandom,"
		1220	#endif
		1221	#ifdef SYS_ioctl
		1222	"ioctl,"
		1223	#endif
		1224	#ifdef SYS_ioprio_get
		1225	"ioprio_get,"
		1226	#endif
		1227	#ifdef SYS_kcmp
		1228	"kcmp,"
		1229	#endif
		1230	#ifdef SYS_madvise
		1231	"madvise,"
		1232	#endif
		1233	#ifdef SYS_mprotect
		1234	"mprotect,"
		1235	#endif
		1236	#ifdef SYS_mremap
		1237	"mremap,"
		1238	#endif
		1239	#ifdef SYS_name_to_handle_at
		1240	"name_to_handle_at,"
		1241	#endif
		1242	#ifdef SYS_oldolduname
		1243	"oldolduname,"
		1244	#endif
		1245	#ifdef SYS_olduname
		1246	"olduname,"
		1247	#endif
		1248	#ifdef SYS_personality
		1249	"personality,"
		1250	#endif
		1251	#ifdef SYS_readahead
		1252	"readahead,"
		1253	#endif
		1254	#ifdef SYS_readdir
		1255	"readdir,"
		1256	#endif
		1257	#ifdef SYS_remap_file_pages
		1258	"remap_file_pages,"
		1259	#endif
		1260	#ifdef SYS_sched_get_priority_max
		1261	"sched_get_priority_max,"
		1262	#endif
		1263	#ifdef SYS_sched_get_priority_min
		1264	"sched_get_priority_min,"
		1265	#endif
		1266	#ifdef SYS_sched_getaffinity
		1267	"sched_getaffinity,"
		1268	#endif
		1269	#ifdef SYS_sched_getattr
		1270	"sched_getattr,"
		1271	#endif
		1272	#ifdef SYS_sched_getparam
		1273	"sched_getparam,"
		1274	#endif
		1275	#ifdef SYS_sched_getscheduler
		1276	"sched_getscheduler,"
		1277	#endif
		1278	#ifdef SYS_sched_rr_get_interval
		1279	"sched_rr_get_interval,"
		1280	#endif
		1281	#ifdef SYS_sched_yield
		1282	"sched_yield,"
		1283	#endif
		1284	#ifdef SYS_sendfile
		1285	"sendfile,"
		1286	#endif
		1287	#ifdef SYS_sendfile64
		1288	"sendfile64,"
		1289	#endif
		1290	#ifdef SYS_setfsgid
		1291	"setfsgid,"
		1292	#endif
		1293	#ifdef SYS_setfsgid32
		1294	"setfsgid32,"
		1295	#endif
		1296	#ifdef SYS_setfsuid
		1297	"setfsuid,"
		1298	#endif
		1299	#ifdef SYS_setfsuid32
		1300	"setfsuid32,"
		1301	#endif
		1302	#ifdef SYS_setpgid
		1303	"setpgid,"
		1304	#endif
		1305	#ifdef SYS_setsid
		1306	"setsid,"
		1307	#endif
		1308	#ifdef SYS_splice
		1309	"splice,"
		1310	#endif
		1311	#ifdef SYS_sysinfo
		1312	"sysinfo,"
		1313	#endif
		1314	#ifdef SYS_tee
		1315	"tee,"
		1316	#endif
		1317	#ifdef SYS_umask
		1318	"umask,"
		1319	#endif
		1320	#ifdef SYS_uname
		1321	"uname,"
		1322	#endif
		1323	#ifdef SYS_userfaultfd
		1324	"userfaultfd,"
		1325	#endif
		1326	#ifdef SYS_vmsplice
		1327	"vmsplice"
		1328	#endif
		1329	},
		1330	{ .name = "@timer", .list =
		1331	#ifdef SYS_alarm
		1332	"alarm,"
		1333	#endif
		1334	#ifdef SYS_getitimer
		1335	"getitimer,"
		1336	#endif
		1337	#ifdef SYS_setitimer
		1338	"setitimer,"
		1339	#endif
		1340	#ifdef SYS_timer_create
		1341	"timer_create,"
		1342	#endif
		1343	#ifdef SYS_timer_delete
		1344	"timer_delete,"
		1345	#endif
		1346	#ifdef SYS_timer_getoverrun
		1347	"timer_getoverrun,"
		1348	#endif
		1349	#ifdef SYS_timer_gettime
		1350	"timer_gettime,"
		1351	#endif
		1352	#ifdef SYS_timer_settime
		1353	"timer_settime,"
		1354	#endif
		1355	#ifdef SYS_timerfd_create
		1356	"timerfd_create,"
		1357	#endif
		1358	#ifdef SYS_timerfd_gettime
		1359	"timerfd_gettime,"
		1360	#endif
		1361	#ifdef SYS_timerfd_settime
		1362	"timerfd_settime,"
		1363	#endif
		1364	#ifdef SYS_times
		1365	"times"
		1366	#endif
379	}	1367	}
380	};	1368	};
381		1369