# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp allowlist in the "syscall: filter" policy format (one rule per line).
# A filter of "1" permits the syscall with any arguments; any other filter is
# an expression over the raw arguments (arg0..arg5) that must hold for the call
# to be allowed. Syscalls not listed here are not allowed; what happens to the
# caller then (kill vs. trap/log) depends on how the policy is loaded, which
# this file does not show.
#
# NOTE(review): execve, open/openat, kill, mmap and mprotect below are allowed
# without argument checks, so this filter alone does not limit which files,
# binaries, PIDs or page protections they can target. Presumably that is
# covered by other sandbox layers (namespaces, chroot/pivot_root, dropped
# capabilities, no_new_privs) -- confirm against the code that launches the
# process, and drop any entry the process does not actually need.

close: 1
dup: 1
dup2: 1
execve: 1
exit_group: 1
futex: 1
kill: 1
lseek: 1
mprotect: 1
munmap: 1
read: 1
recvfrom: 1
sched_getaffinity: 1
set_robust_list: 1
sigaltstack: 1

# Thread creation only: clone is permitted when the CLONE_THREAD bit
# (0x00010000) is set in the flags argument. The test looks at that single
# bit; the remaining flag bits are not constrained by this rule.
clone: arg0 & 0x00010000

write: 1
eventfd2: 1
poll: 1
getpid: 1
getppid: 1

# prctl is limited to option 15 (PR_SET_NAME, rename the calling thread);
# every other prctl option is rejected.
prctl: arg0 == 15

access: 1
arch_prctl: 1
brk: 1
exit: 1
fcntl: 1
fstat: 1
ftruncate: 1
getcwd: 1
getrlimit: 1

# The only ioctl request allowed is 0x800454CF (TUNGETFEATURES). The rule
# matches on the request number alone, not on the file descriptor.
ioctl: arg1 == 0x800454CF

madvise: 1
memfd_create: 1
mmap: 1
open: 1
openat: 1

# Read-only use of prlimit64: the new-limit pointer (arg2) must be NULL and the
# old-limit pointer (arg3) must be non-NULL, so limits can be queried but not
# changed. The target pid (arg0) is not constrained.
prlimit64: arg2 == 0 && arg3 != 0

recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
sendmsg: 1
set_tid_address: 1
stat: 1
writev: 1