9502c11
{
9502c11
	"defaultAction": "SCMP_ACT_ERRNO",
9502c11
	"archMap": [
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_X86_64",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_X86",
9502c11
				"SCMP_ARCH_X32"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_AARCH64",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_ARM"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_MIPS64",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_MIPS",
9502c11
				"SCMP_ARCH_MIPS64N32"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_MIPS64N32",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_MIPS",
9502c11
				"SCMP_ARCH_MIPS64"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_MIPSEL64",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_MIPSEL",
9502c11
				"SCMP_ARCH_MIPSEL64N32"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_MIPSEL64N32",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_MIPSEL",
9502c11
				"SCMP_ARCH_MIPSEL64"
9502c11
			]
9502c11
		},
9502c11
		{
9502c11
			"architecture": "SCMP_ARCH_S390X",
9502c11
			"subArchitectures": [
9502c11
				"SCMP_ARCH_S390"
9502c11
			]
9502c11
		}
9502c11
	],
9502c11
	"syscalls": [
9502c11
		{
9502c11
			"names": [
9502c11
				"accept",
9502c11
				"accept4",
9502c11
				"access",
389fa50
				"adjtimex",
9502c11
				"alarm",
9502c11
				"bind",
9502c11
				"brk",
9502c11
				"capget",
9502c11
				"capset",
9502c11
				"chdir",
9502c11
				"chmod",
9502c11
				"chown",
9502c11
				"chown32",
9502c11
				"clock_getres",
9502c11
				"clock_gettime",
9502c11
				"clock_nanosleep",
9502c11
				"close",
9502c11
				"connect",
9502c11
				"copy_file_range",
9502c11
				"creat",
9502c11
				"dup",
9502c11
				"dup2",
9502c11
				"dup3",
9502c11
				"epoll_create",
9502c11
				"epoll_create1",
9502c11
				"epoll_ctl",
9502c11
				"epoll_ctl_old",
9502c11
				"epoll_pwait",
9502c11
				"epoll_wait",
9502c11
				"epoll_wait_old",
9502c11
				"eventfd",
9502c11
				"eventfd2",
9502c11
				"execve",
9502c11
				"execveat",
9502c11
				"exit",
9502c11
				"exit_group",
9502c11
				"faccessat",
9502c11
				"fadvise64",
9502c11
				"fadvise64_64",
9502c11
				"fallocate",
9502c11
				"fanotify_mark",
9502c11
				"fchdir",
9502c11
				"fchmod",
9502c11
				"fchmodat",
9502c11
				"fchown",
9502c11
				"fchown32",
9502c11
				"fchownat",
9502c11
				"fcntl",
9502c11
				"fcntl64",
9502c11
				"fdatasync",
9502c11
				"fgetxattr",
9502c11
				"flistxattr",
9502c11
				"flock",
9502c11
				"fork",
9502c11
				"fremovexattr",
9502c11
				"fsetxattr",
9502c11
				"fstat",
9502c11
				"fstat64",
9502c11
				"fstatat64",
9502c11
				"fstatfs",
9502c11
				"fstatfs64",
9502c11
				"fsync",
9502c11
				"ftruncate",
9502c11
				"ftruncate64",
9502c11
				"futex",
9502c11
				"futimesat",
9502c11
				"getcpu",
9502c11
				"getcwd",
9502c11
				"getdents",
9502c11
				"getdents64",
9502c11
				"getegid",
9502c11
				"getegid32",
9502c11
				"geteuid",
9502c11
				"geteuid32",
9502c11
				"getgid",
9502c11
				"getgid32",
9502c11
				"getgroups",
9502c11
				"getgroups32",
9502c11
				"getitimer",
9502c11
				"getpeername",
9502c11
				"getpgid",
9502c11
				"getpgrp",
9502c11
				"getpid",
9502c11
				"getppid",
9502c11
				"getpriority",
9502c11
				"getrandom",
9502c11
				"getresgid",
9502c11
				"getresgid32",
9502c11
				"getresuid",
9502c11
				"getresuid32",
9502c11
				"getrlimit",
9502c11
				"get_robust_list",
9502c11
				"getrusage",
9502c11
				"getsid",
9502c11
				"getsockname",
9502c11
				"getsockopt",
9502c11
				"get_thread_area",
9502c11
				"gettid",
9502c11
				"gettimeofday",
9502c11
				"getuid",
9502c11
				"getuid32",
9502c11
				"getxattr",
9502c11
				"inotify_add_watch",
9502c11
				"inotify_init",
9502c11
				"inotify_init1",
9502c11
				"inotify_rm_watch",
9502c11
				"io_cancel",
9502c11
				"ioctl",
9502c11
				"io_destroy",
9502c11
				"io_getevents",
9502c11
				"ioprio_get",
9502c11
				"ioprio_set",
9502c11
				"io_setup",
9502c11
				"io_submit",
9502c11
				"ipc",
9502c11
				"kill",
9502c11
				"lchown",
9502c11
				"lchown32",
9502c11
				"lgetxattr",
9502c11
				"link",
9502c11
				"linkat",
9502c11
				"listen",
9502c11
				"listxattr",
9502c11
				"llistxattr",
9502c11
				"_llseek",
9502c11
				"lremovexattr",
9502c11
				"lseek",
9502c11
				"lsetxattr",
9502c11
				"lstat",
9502c11
				"lstat64",
9502c11
				"madvise",
9502c11
				"memfd_create",
9502c11
				"mincore",
9502c11
				"mkdir",
9502c11
				"mkdirat",
9502c11
				"mknod",
9502c11
				"mknodat",
9502c11
				"mlock",
9502c11
				"mlock2",
9502c11
				"mlockall",
9502c11
				"mmap",
9502c11
				"mmap2",
9502c11
				"mprotect",
9502c11
				"mq_getsetattr",
9502c11
				"mq_notify",
9502c11
				"mq_open",
9502c11
				"mq_timedreceive",
9502c11
				"mq_timedsend",
9502c11
				"mq_unlink",
9502c11
				"mremap",
9502c11
				"msgctl",
9502c11
				"msgget",
9502c11
				"msgrcv",
9502c11
				"msgsnd",
9502c11
				"msync",
9502c11
				"munlock",
9502c11
				"munlockall",
9502c11
				"munmap",
9502c11
				"nanosleep",
9502c11
				"newfstatat",
9502c11
				"_newselect",
9502c11
				"open",
9502c11
				"openat",
9502c11
				"pause",
9502c11
				"pipe",
9502c11
				"pipe2",
9502c11
				"poll",
9502c11
				"ppoll",
9502c11
				"prctl",
9502c11
				"pread64",
9502c11
				"preadv",
389fa50
				"preadv2",
9502c11
				"prlimit64",
9502c11
				"pselect6",
9502c11
				"pwrite64",
9502c11
				"pwritev",
389fa50
				"pwritev2",
9502c11
				"read",
9502c11
				"readahead",
9502c11
				"readlink",
9502c11
				"readlinkat",
9502c11
				"readv",
9502c11
				"recv",
9502c11
				"recvfrom",
9502c11
				"recvmmsg",
9502c11
				"recvmsg",
9502c11
				"remap_file_pages",
9502c11
				"removexattr",
9502c11
				"rename",
9502c11
				"renameat",
9502c11
				"renameat2",
9502c11
				"restart_syscall",
9502c11
				"rmdir",
9502c11
				"rt_sigaction",
9502c11
				"rt_sigpending",
9502c11
				"rt_sigprocmask",
9502c11
				"rt_sigqueueinfo",
9502c11
				"rt_sigreturn",
9502c11
				"rt_sigsuspend",
9502c11
				"rt_sigtimedwait",
9502c11
				"rt_tgsigqueueinfo",
9502c11
				"sched_getaffinity",
9502c11
				"sched_getattr",
9502c11
				"sched_getparam",
9502c11
				"sched_get_priority_max",
9502c11
				"sched_get_priority_min",
9502c11
				"sched_getscheduler",
9502c11
				"sched_rr_get_interval",
9502c11
				"sched_setaffinity",
9502c11
				"sched_setattr",
9502c11
				"sched_setparam",
9502c11
				"sched_setscheduler",
9502c11
				"sched_yield",
9502c11
				"seccomp",
9502c11
				"select",
9502c11
				"semctl",
9502c11
				"semget",
9502c11
				"semop",
9502c11
				"semtimedop",
9502c11
				"send",
9502c11
				"sendfile",
9502c11
				"sendfile64",
9502c11
				"sendmmsg",
9502c11
				"sendmsg",
9502c11
				"sendto",
9502c11
				"setfsgid",
9502c11
				"setfsgid32",
9502c11
				"setfsuid",
9502c11
				"setfsuid32",
9502c11
				"setgid",
9502c11
				"setgid32",
9502c11
				"setgroups",
9502c11
				"setgroups32",
9502c11
				"setitimer",
9502c11
				"setpgid",
9502c11
				"setpriority",
9502c11
				"setregid",
9502c11
				"setregid32",
9502c11
				"setresgid",
9502c11
				"setresgid32",
9502c11
				"setresuid",
9502c11
				"setresuid32",
9502c11
				"setreuid",
9502c11
				"setreuid32",
9502c11
				"setrlimit",
9502c11
				"set_robust_list",
9502c11
				"setsid",
9502c11
				"setsockopt",
9502c11
				"set_thread_area",
9502c11
				"set_tid_address",
9502c11
				"setuid",
9502c11
				"setuid32",
9502c11
				"setxattr",
9502c11
				"shmat",
9502c11
				"shmctl",
9502c11
				"shmdt",
9502c11
				"shmget",
9502c11
				"shutdown",
9502c11
				"sigaltstack",
9502c11
				"signalfd",
9502c11
				"signalfd4",
9502c11
				"sigreturn",
9502c11
				"socket",
9502c11
				"socketcall",
9502c11
				"socketpair",
9502c11
				"splice",
9502c11
				"stat",
9502c11
				"stat64",
9502c11
				"statfs",
9502c11
				"statfs64",
9502c11
				"symlink",
9502c11
				"symlinkat",
9502c11
				"sync",
9502c11
				"sync_file_range",
9502c11
				"syncfs",
9502c11
				"sysinfo",
9502c11
				"syslog",
9502c11
				"tee",
9502c11
				"tgkill",
9502c11
				"time",
9502c11
				"timer_create",
9502c11
				"timer_delete",
9502c11
				"timerfd_create",
9502c11
				"timerfd_gettime",
9502c11
				"timerfd_settime",
9502c11
				"timer_getoverrun",
9502c11
				"timer_gettime",
9502c11
				"timer_settime",
9502c11
				"times",
9502c11
				"tkill",
9502c11
				"truncate",
9502c11
				"truncate64",
9502c11
				"ugetrlimit",
9502c11
				"umask",
9502c11
				"uname",
9502c11
				"unlink",
9502c11
				"unlinkat",
9502c11
				"utime",
9502c11
				"utimensat",
9502c11
				"utimes",
9502c11
				"vfork",
9502c11
				"vmsplice",
9502c11
				"wait4",
9502c11
				"waitid",
9502c11
				"waitpid",
9502c11
				"write",
9502c11
				"writev",
9502c11
				"mount",
9502c11
				"umount2",
9502c11
				"reboot",
9502c11
				"name_to_handle_at",
9502c11
				"unshare"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"personality"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [
9502c11
				{
9502c11
					"index": 0,
9502c11
					"value": 0,
9502c11
					"valueTwo": 0,
9502c11
					"op": "SCMP_CMP_EQ"
9502c11
				}
9502c11
			],
9502c11
			"comment": "",
9502c11
			"includes": {},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"personality"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [
9502c11
				{
9502c11
					"index": 0,
9502c11
					"value": 8,
9502c11
					"valueTwo": 0,
9502c11
					"op": "SCMP_CMP_EQ"
9502c11
				}
9502c11
			],
9502c11
			"comment": "",
9502c11
			"includes": {},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"personality"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [
9502c11
				{
9502c11
					"index": 0,
389fa50
					"value": 131072,
389fa50
					"valueTwo": 0,
389fa50
					"op": "SCMP_CMP_EQ"
389fa50
				}
389fa50
			],
389fa50
			"comment": "",
389fa50
			"includes": {},
389fa50
			"excludes": {}
389fa50
		},
389fa50
		{
389fa50
			"names": [
389fa50
				"personality"
389fa50
			],
389fa50
			"action": "SCMP_ACT_ALLOW",
389fa50
			"args": [
389fa50
				{
389fa50
					"index": 0,
389fa50
					"value": 131080,
389fa50
					"valueTwo": 0,
389fa50
					"op": "SCMP_CMP_EQ"
389fa50
				}
389fa50
			],
389fa50
			"comment": "",
389fa50
			"includes": {},
389fa50
			"excludes": {}
389fa50
		},
389fa50
		{
389fa50
			"names": [
389fa50
				"personality"
389fa50
			],
389fa50
			"action": "SCMP_ACT_ALLOW",
389fa50
			"args": [
389fa50
				{
389fa50
					"index": 0,
9502c11
					"value": 4294967295,
9502c11
					"valueTwo": 0,
9502c11
					"op": "SCMP_CMP_EQ"
9502c11
				}
9502c11
			],
9502c11
			"comment": "",
9502c11
			"includes": {},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
389fa50
				"sync_file_range2"
389fa50
			],
389fa50
			"action": "SCMP_ACT_ALLOW",
389fa50
			"args": [],
389fa50
			"comment": "",
389fa50
			"includes": {
389fa50
				"arches": [
389fa50
					"ppc64le"
389fa50
				]
389fa50
			},
389fa50
			"excludes": {}
389fa50
		},
389fa50
		{
389fa50
			"names": [
389fa50
				"arm_fadvise64_64",
389fa50
				"arm_sync_file_range",
389fa50
				"sync_file_range2",
9502c11
				"breakpoint",
9502c11
				"cacheflush",
9502c11
				"set_tls"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"arches": [
9502c11
					"arm",
9502c11
					"arm64"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"arch_prctl"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"arches": [
9502c11
					"amd64",
9502c11
					"x32"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"modify_ldt"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"arches": [
9502c11
					"amd64",
9502c11
					"x32",
9502c11
					"x86"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"s390_pci_mmio_read",
9502c11
				"s390_pci_mmio_write",
9502c11
				"s390_runtime_instr"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"arches": [
9502c11
					"s390",
9502c11
					"s390x"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"open_by_handle_at"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_DAC_READ_SEARCH"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"bpf",
9502c11
				"clone",
9502c11
				"fanotify_init",
9502c11
				"lookup_dcookie",
9502c11
				"mount",
9502c11
				"name_to_handle_at",
9502c11
				"perf_event_open",
389fa50
				"quotactl",
9502c11
				"setdomainname",
9502c11
				"sethostname",
9502c11
				"setns",
9502c11
				"umount",
9502c11
				"umount2",
9502c11
				"unshare"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_ADMIN"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"clone"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [
9502c11
				{
9502c11
					"index": 0,
9502c11
					"value": 2080505856,
9502c11
					"valueTwo": 0,
9502c11
					"op": "SCMP_CMP_MASKED_EQ"
9502c11
				}
9502c11
			],
9502c11
			"comment": "",
9502c11
			"includes": {},
9502c11
			"excludes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_ADMIN"
9502c11
				],
9502c11
				"arches": [
9502c11
					"s390",
9502c11
					"s390x"
9502c11
				]
9502c11
			}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"clone"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [
9502c11
				{
9502c11
					"index": 1,
9502c11
					"value": 2080505856,
9502c11
					"valueTwo": 0,
9502c11
					"op": "SCMP_CMP_MASKED_EQ"
9502c11
				}
9502c11
			],
9502c11
			"comment": "s390 parameter ordering for clone is different",
9502c11
			"includes": {
9502c11
				"arches": [
9502c11
					"s390",
9502c11
					"s390x"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_ADMIN"
9502c11
				]
9502c11
			}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"reboot"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_BOOT"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"chroot"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_CHROOT"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"delete_module",
9502c11
				"init_module",
9502c11
				"finit_module",
9502c11
				"query_module"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_MODULE"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
389fa50
				"get_mempolicy",
389fa50
				"mbind",
389fa50
				"name_to_handle_at",
389fa50
				"set_mempolicy"
389fa50
			],
389fa50
			"action": "SCMP_ACT_ALLOW",
389fa50
			"args": [],
389fa50
			"comment": "",
389fa50
			"includes": {
389fa50
				"caps": [
389fa50
					"CAP_SYS_NICE"
389fa50
				]
389fa50
			},
389fa50
			"excludes": {}
389fa50
		},
389fa50
		{
389fa50
			"names": [
9502c11
				"acct"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_PACCT"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"kcmp",
9502c11
				"process_vm_readv",
9502c11
				"process_vm_writev",
9502c11
				"ptrace"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_PTRACE"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"iopl",
9502c11
				"ioperm"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_RAWIO"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"settimeofday",
9502c11
				"stime",
389fa50
				"clock_settime"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_TIME"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		},
9502c11
		{
9502c11
			"names": [
9502c11
				"vhangup"
9502c11
			],
9502c11
			"action": "SCMP_ACT_ALLOW",
9502c11
			"args": [],
9502c11
			"comment": "",
9502c11
			"includes": {
9502c11
				"caps": [
9502c11
					"CAP_SYS_TTY_CONFIG"
9502c11
				]
9502c11
			},
9502c11
			"excludes": {}
9502c11
		}
9502c11
	]
389fa50
}