Skip to content

Instantly share code, notes, and snippets.

@briangordon

briangordon/chrome.json

Created February 2, 2020 06:53
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save briangordon/191d0caab94879df61cc901a72cb82b0 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save briangordon/191d0caab94879df61cc901a72cb82b0 to your computer and use it in GitHub Desktop.
Download ZIP
Jess Frazelle's Google Chrome seccomp profile combined with the default docker profile
Raw
chrome.json
{
"defaultAction": "SCMP_ACT_ERRNO",
"syscalls": [
{
"name": "accept",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "accept4",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "access",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "alarm",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "arch_prctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "bind",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "brk",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "capget",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "capset",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "chdir",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "chmod",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "chown",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "chown32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "chroot",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "clock_getres",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "clock_gettime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "clock_nanosleep",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "clone",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "close",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "connect",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "creat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "dup",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "dup2",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "dup3",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_create",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_create1",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_ctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_ctl_old",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_pwait",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_wait",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "epoll_wait_old",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "eventfd",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "eventfd2",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "execve",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "execveat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "exit",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "exit_group",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "faccessat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fadvise64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fadvise64_64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fallocate",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fanotify_init",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fanotify_mark",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchdir",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchmod",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchmodat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchown",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchown32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fchownat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fcntl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fcntl64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fdatasync",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fgetxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "flistxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "flock",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fork",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fremovexattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fsetxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fstat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fstat64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fstatat64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fstatfs",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fstatfs64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "fsync",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ftruncate",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ftruncate64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "futex",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "futimesat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getcpu",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getcwd",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getdents",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getdents64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getegid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getegid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "geteuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "geteuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getgid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getgroups",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getgroups32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getitimer",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getpeername",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getpgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getpgrp",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getpid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getppid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getpriority",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getrandom",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getresgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getresgid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getresuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getresuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getrlimit",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "get_robust_list",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getrusage",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getsid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getsockname",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getsockopt",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "get_thread_area",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "gettid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "gettimeofday",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "getxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "inotify_add_watch",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "inotify_init",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "inotify_init1",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "inotify_rm_watch",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "io_cancel",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ioctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "io_destroy",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "io_getevents",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ioprio_get",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ioprio_set",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "io_setup",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "io_submit",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "kill",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lchown",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lchown32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lgetxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "link",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "linkat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "listen",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "listxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "llistxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "_llseek",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lremovexattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lseek",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lsetxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lstat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "lstat64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "madvise",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "memfd_create",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mincore",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mkdir",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mkdirat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mknod",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mknodat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mlock",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mlockall",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mmap",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mmap2",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mprotect",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_getsetattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_notify",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_open",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_timedreceive",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_timedsend",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mq_unlink",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "mremap",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "msgctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "msgget",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "msgrcv",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "msgsnd",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "msync",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "munlock",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "munlockall",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "munmap",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "name_to_handle_at",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "nanosleep",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "newfstatat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "_newselect",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "open",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "open_by_handle_at",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "openat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pause",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pipe",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pipe2",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "poll",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ppoll",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "prctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pread64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "preadv",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "prlimit64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pselect6",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pwrite64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "pwritev",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "read",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "readahead",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "readlink",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "readlinkat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "readv",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "recvfrom",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "recvmmsg",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "recvmsg",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "remap_file_pages",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "removexattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rename",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "renameat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "renameat2",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rmdir",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigaction",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigpending",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigprocmask",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigqueueinfo",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigreturn",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigsuspend",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_sigtimedwait",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "rt_tgsigqueueinfo",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_getaffinity",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_getattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_getparam",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_get_priority_max",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_get_priority_min",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_getscheduler",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_rr_get_interval",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_setaffinity",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_setattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_setparam",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_setscheduler",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sched_yield",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "seccomp",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "select",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "semctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "semget",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "semop",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "semtimedop",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sendfile",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sendfile64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sendmmsg",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sendmsg",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sendto",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setdomainname",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setfsgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setfsgid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setfsuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setfsuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setgid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setgroups",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setgroups32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sethostname",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setitimer",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setns",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setpgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setpriority",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setregid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setregid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setresgid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setresgid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setresuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setresuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setreuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setreuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setrlimit",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "set_robust_list",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setsid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setsockopt",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "set_thread_area",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "set_tid_address",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setuid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setuid32",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "setxattr",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "shmat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "shmctl",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "shmdt",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "shmget",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "shutdown",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sigaltstack",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "signalfd",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "signalfd4",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "socket",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "socketpair",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "splice",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "stat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "stat64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "statfs",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "statfs64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "statx",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "symlink",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "symlinkat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sync",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sync_file_range",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "syncfs",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "sysinfo",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "syslog",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "tee",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "tgkill",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "time",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timer_create",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timer_delete",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timerfd_create",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timerfd_gettime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timerfd_settime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timer_getoverrun",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timer_gettime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "timer_settime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "times",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "tkill",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "truncate",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "truncate64",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "ugetrlimit",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "umask",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "uname",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "unlink",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "unlinkat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "unshare",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "utime",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "utimensat",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "utimes",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "vfork",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "vhangup",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "vmsplice",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "wait4",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "waitid",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "write",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"name": "writev",
"action": "SCMP_ACT_ALLOW",
"args": null
},
{
"names": [
"kcmp",
"process_vm_readv",
"process_vm_writev",
"ptrace"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_PTRACE"
]
},
"excludes": {}
},
{
"names": [
"accept",
"accept4",
"access",
"adjtimex",
"alarm",
"bind",
"brk",
"capget",
"capset",
"chdir",
"chmod",
"chown",
"chown32",
"clock_getres",
"clock_gettime",
"clock_nanosleep",
"close",
"connect",
"copy_file_range",
"creat",
"dup",
"dup2",
"dup3",
"epoll_create",
"epoll_create1",
"epoll_ctl",
"epoll_ctl_old",
"epoll_pwait",
"epoll_wait",
"epoll_wait_old",
"eventfd",
"eventfd2",
"execve",
"execveat",
"exit",
"exit_group",
"faccessat",
"fadvise64",
"fadvise64_64",
"fallocate",
"fanotify_mark",
"fchdir",
"fchmod",
"fchmodat",
"fchown",
"fchown32",
"fchownat",
"fcntl",
"fcntl64",
"fdatasync",
"fgetxattr",
"flistxattr",
"flock",
"fork",
"fremovexattr",
"fsetxattr",
"fstat",
"fstat64",
"fstatat64",
"fstatfs",
"fstatfs64",
"fsync",
"ftruncate",
"ftruncate64",
"futex",
"futimesat",
"getcpu",
"getcwd",
"getdents",
"getdents64",
"getegid",
"getegid32",
"geteuid",
"geteuid32",
"getgid",
"getgid32",
"getgroups",
"getgroups32",
"getitimer",
"getpeername",
"getpgid",
"getpgrp",
"getpid",
"getppid",
"getpriority",
"getrandom",
"getresgid",
"getresgid32",
"getresuid",
"getresuid32",
"getrlimit",
"get_robust_list",
"getrusage",
"getsid",
"getsockname",
"getsockopt",
"get_thread_area",
"gettid",
"gettimeofday",
"getuid",
"getuid32",
"getxattr",
"inotify_add_watch",
"inotify_init",
"inotify_init1",
"inotify_rm_watch",
"io_cancel",
"ioctl",
"io_destroy",
"io_getevents",
"io_pgetevents",
"ioprio_get",
"ioprio_set",
"io_setup",
"io_submit",
"io_uring_enter",
"io_uring_register",
"io_uring_setup",
"ipc",
"kill",
"lchown",
"lchown32",
"lgetxattr",
"link",
"linkat",
"listen",
"listxattr",
"llistxattr",
"_llseek",
"lremovexattr",
"lseek",
"lsetxattr",
"lstat",
"lstat64",
"madvise",
"memfd_create",
"mincore",
"mkdir",
"mkdirat",
"mknod",
"mknodat",
"mlock",
"mlock2",
"mlockall",
"mmap",
"mmap2",
"mprotect",
"mq_getsetattr",
"mq_notify",
"mq_open",
"mq_timedreceive",
"mq_timedsend",
"mq_unlink",
"mremap",
"msgctl",
"msgget",
"msgrcv",
"msgsnd",
"msync",
"munlock",
"munlockall",
"munmap",
"nanosleep",
"newfstatat",
"_newselect",
"open",
"openat",
"pause",
"pipe",
"pipe2",
"poll",
"ppoll",
"prctl",
"pread64",
"preadv",
"preadv2",
"prlimit64",
"pselect6",
"pwrite64",
"pwritev",
"pwritev2",
"read",
"readahead",
"readlink",
"readlinkat",
"readv",
"recv",
"recvfrom",
"recvmmsg",
"recvmsg",
"remap_file_pages",
"removexattr",
"rename",
"renameat",
"renameat2",
"restart_syscall",
"rmdir",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",
"rt_sigqueueinfo",
"rt_sigreturn",
"rt_sigsuspend",
"rt_sigtimedwait",
"rt_tgsigqueueinfo",
"sched_getaffinity",
"sched_getattr",
"sched_getparam",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getscheduler",
"sched_rr_get_interval",
"sched_setaffinity",
"sched_setattr",
"sched_setparam",
"sched_setscheduler",
"sched_yield",
"seccomp",
"select",
"semctl",
"semget",
"semop",
"semtimedop",
"send",
"sendfile",
"sendfile64",
"sendmmsg",
"sendmsg",
"sendto",
"setfsgid",
"setfsgid32",
"setfsuid",
"setfsuid32",
"setgid",
"setgid32",
"setgroups",
"setgroups32",
"setitimer",
"setpgid",
"setpriority",
"setregid",
"setregid32",
"setresgid",
"setresgid32",
"setresuid",
"setresuid32",
"setreuid",
"setreuid32",
"setrlimit",
"set_robust_list",
"setsid",
"setsockopt",
"set_thread_area",
"set_tid_address",
"setuid",
"setuid32",
"setxattr",
"shmat",
"shmctl",
"shmdt",
"shmget",
"shutdown",
"sigaltstack",
"signalfd",
"signalfd4",
"sigprocmask",
"sigreturn",
"socket",
"socketcall",
"socketpair",
"splice",
"stat",
"stat64",
"statfs",
"statfs64",
"statx",
"symlink",
"symlinkat",
"sync",
"sync_file_range",
"syncfs",
"sysinfo",
"tee",
"tgkill",
"time",
"timer_create",
"timer_delete",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"timer_getoverrun",
"timer_gettime",
"timer_settime",
"times",
"tkill",
"truncate",
"truncate64",
"ugetrlimit",
"umask",
"uname",
"unlink",
"unlinkat",
"utime",
"utimensat",
"utimes",
"vfork",
"vmsplice",
"wait4",
"waitid",
"waitpid",
"write",
"writev"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {},
"excludes": {}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment