0ebe75b2ca
Complete infrastructure platform CLI: - Container runtime (systemd-nspawn) - VoltVisor VMs (Neutron Stardust / QEMU) - Stellarium CAS (content-addressed storage) - ORAS Registry - GitOps integration - Landlock LSM security - Compose orchestration - Mesh networking Copyright (c) Armored Gates LLC. All rights reserved. Licensed under AGPSL v5.0
170 lines
4.9 KiB
JSON
170 lines
4.9 KiB
JSON
{
|
|
"defaultAction": "SCMP_ACT_ERRNO",
|
|
"defaultErrnoRet": 1,
|
|
"archMap": [
|
|
{
|
|
"architecture": "SCMP_ARCH_X86_64",
|
|
"subArchitectures": ["SCMP_ARCH_X86", "SCMP_ARCH_X32"]
|
|
}
|
|
],
|
|
"syscalls": [
|
|
{
|
|
"names": [
|
|
"accept", "accept4",
|
|
"access", "faccessat", "faccessat2",
|
|
"bind",
|
|
"brk",
|
|
"capget", "capset",
|
|
"chdir", "fchdir",
|
|
"chmod", "fchmod", "fchmodat",
|
|
"chown", "fchown", "fchownat", "lchown",
|
|
"clock_getres", "clock_gettime", "clock_nanosleep",
|
|
"clone", "clone3",
|
|
"close", "close_range",
|
|
"connect",
|
|
"copy_file_range",
|
|
"dup", "dup2", "dup3",
|
|
"epoll_create", "epoll_create1", "epoll_ctl", "epoll_pwait", "epoll_wait",
|
|
"eventfd", "eventfd2",
|
|
"execve", "execveat",
|
|
"exit", "exit_group",
|
|
"fadvise64",
|
|
"fallocate",
|
|
"fcntl",
|
|
"fdatasync",
|
|
"flock",
|
|
"fork",
|
|
"fstat", "fstatat64", "fstatfs", "fstatfs64",
|
|
"fsync",
|
|
"ftruncate",
|
|
"futex",
|
|
"getcpu",
|
|
"getcwd",
|
|
"getdents", "getdents64",
|
|
"getegid", "geteuid", "getgid", "getgroups",
|
|
"getitimer",
|
|
"getpeername",
|
|
"getpgid", "getpgrp", "getpid", "getppid",
|
|
"getpriority",
|
|
"getrandom",
|
|
"getresgid", "getresuid",
|
|
"getrlimit",
|
|
"getrusage",
|
|
"getsid",
|
|
"getsockname", "getsockopt",
|
|
"gettid",
|
|
"gettimeofday",
|
|
"getuid",
|
|
"inotify_add_watch", "inotify_init", "inotify_init1", "inotify_rm_watch",
|
|
"io_cancel", "io_destroy", "io_getevents", "io_setup", "io_submit",
|
|
"ioctl",
|
|
"kill",
|
|
"lgetxattr", "listxattr", "llistxattr",
|
|
"listen",
|
|
"lseek",
|
|
"lstat",
|
|
"madvise",
|
|
"memfd_create",
|
|
"mincore",
|
|
"mkdir", "mkdirat",
|
|
"mknod", "mknodat",
|
|
"mlock", "mlock2", "mlockall",
|
|
"mmap",
|
|
"mount",
|
|
"mprotect",
|
|
"mremap",
|
|
"msgctl", "msgget", "msgrcv", "msgsnd",
|
|
"msync",
|
|
"munlock", "munlockall",
|
|
"munmap",
|
|
"nanosleep",
|
|
"newfstatat",
|
|
"open", "openat", "openat2",
|
|
"pause",
|
|
"pipe", "pipe2",
|
|
"poll", "ppoll",
|
|
"prctl",
|
|
"pread64", "preadv", "preadv2",
|
|
"prlimit64",
|
|
"pselect6",
|
|
"pwrite64", "pwritev", "pwritev2",
|
|
"read", "readahead", "readlink", "readlinkat", "readv",
|
|
"recv", "recvfrom", "recvmmsg", "recvmsg",
|
|
"rename", "renameat", "renameat2",
|
|
"restart_syscall",
|
|
"rmdir",
|
|
"rt_sigaction", "rt_sigpending", "rt_sigprocmask", "rt_sigqueueinfo",
|
|
"rt_sigreturn", "rt_sigsuspend", "rt_sigtimedwait", "rt_tgsigqueueinfo",
|
|
"sched_getaffinity", "sched_getattr", "sched_getparam", "sched_getscheduler",
|
|
"sched_get_priority_max", "sched_get_priority_min",
|
|
"sched_setaffinity", "sched_setattr", "sched_setparam", "sched_setscheduler",
|
|
"sched_yield",
|
|
"seccomp",
|
|
"select",
|
|
"semctl", "semget", "semop", "semtimedop",
|
|
"send", "sendfile", "sendmmsg", "sendmsg", "sendto",
|
|
"set_robust_list",
|
|
"set_tid_address",
|
|
"setfsgid", "setfsuid",
|
|
"setgid", "setgroups",
|
|
"setitimer",
|
|
"setpgid", "setpriority",
|
|
"setregid", "setresgid", "setresuid", "setreuid",
|
|
"setsid",
|
|
"setsockopt",
|
|
"setuid",
|
|
"shmat", "shmctl", "shmdt", "shmget",
|
|
"shutdown",
|
|
"sigaltstack",
|
|
"signalfd", "signalfd4",
|
|
"socket", "socketpair",
|
|
"splice",
|
|
"stat", "statfs", "statx",
|
|
"symlink", "symlinkat",
|
|
"sync", "syncfs", "sync_file_range",
|
|
"sysinfo",
|
|
"tee",
|
|
"tgkill", "tkill",
|
|
"truncate",
|
|
"umask",
|
|
"umount2",
|
|
"uname",
|
|
"unlink", "unlinkat",
|
|
"utime", "utimensat", "utimes",
|
|
"vfork",
|
|
"vmsplice",
|
|
"wait4", "waitid", "waitpid",
|
|
"write", "writev"
|
|
],
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"names": ["personality"],
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 8, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 131072, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 131080, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 4294967295, "op": "SCMP_CMP_EQ"}
|
|
]
|
|
},
|
|
{
|
|
"names": ["arch_prctl"],
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{"index": 0, "value": 4098, "op": "SCMP_CMP_EQ"}
|
|
]
|
|
},
|
|
{
|
|
"names": ["socket"],
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{"index": 0, "value": 1, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 2, "op": "SCMP_CMP_EQ"},
|
|
{"index": 0, "value": 10, "op": "SCMP_CMP_EQ"}
|
|
]
|
|
}
|
|
]
|
|
}
|