Diffstat (limited to 'etc/templates/syscalls.txt')
-rw-r--r-- | etc/templates/syscalls.txt | 43 |
1 files changed, 43 insertions, 0 deletions
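diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt
new file mode 100644
index 000000000..ec8247517
--- /dev/null
+++ b/etc/templates/syscalls.txt
@@ -0,0 +1,43 @@
+Hints for writing seccomp.drop lines
+====================================
+
+@clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime
+@module=delete_module,finit_module,init_module
+@raw-io=ioperm,iopl,pciconfig_iobase,pciconfig_read,pciconfig_write,s390_mmio_read,s390_mmio_write
+@reboot=kexec_load,kexec_file_load,reboot,
+@swap=swapon,swapoff
+
+@privileged=@clock,@module,@raw-io,@reboot,@swap,acct,bpf,chroot,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup
+
+@cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old
+@debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext
+@obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver
+@resources=set_mempolicy,migrate_pages,move_pages,mbind
+
+@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,vmsplice,umount,userfaultfd,mincore
+
+@default-nodebuggers=@default,ptrace,personality,process_vm_readv
+
+@default-keep=execve,prctl
+
+
++---------+----------------+---------------+
+| @clock | @cpu-emulation | @default-keep |
+| @module | @debug | |
+| @raw-io | @obsolete | |
+| @reboot | @resources | |
+| @swap | | |
++---------+----------------+---------------+
+: :
++-------------+ :
+| @privileged | :
++-------------+ :
+: :
++----------+ :
+| @default |........:
++----------+
+:
++----------------------+
+| @default-nodebuggers |
++----------------------+
+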
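Review bot: The `@reboot` line (file line 7) ends with a stray comma, `@reboot=kexec_load,kexec_file_load,reboot,`, so anyone pasting that list into a seccomp.drop line carries an empty trailing entry along; it should read `@reboot=kexec_load,kexec_file_load,reboot`. The diagram also draws a dotted link from `@default-keep` to `@default` that the definitions above it do not reflect (`@default=` never names `@default-keep`), so a one-line legend saying what the dotted edge means would stop readers from assuming `execve` and `prctl` belong to the drop set. These lists are presumably a hand-copied view of the groups the seccomp code implements, so a short comment at the top naming the source of truth would help keep the two from drifting apart.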