1#******************************************************************************* 2# Copyright (c) 2020 The Linux Foundation. All rights reserved. 3# 4# Redistribution and use in source and binary forms, with or without 5# modification, are permitted provided that the following conditions are 6# met: 7# * Redistributions of source code must retain the above copyright 8# notice, this list of conditions and the following disclaimer. 9# * Redistributions in binary form must reproduce the above 10# copyright notice, this list of conditions and the following 11# disclaimer in the documentation and/or other materials provided 12# with the distribution. 13# * Neither the name of The Linux Foundation, nor the names of its 14# contributors may be used to endorse or promote products derived 15# from this software without specific prior written permission. 16# 17# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 18# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 19# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS 21# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 24# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 25# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 26# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 27# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28# 29#****************************************************************************** 30 31clone: 1 32close: 1 33connect: 1 34execve: 1 35exit_group: 1 36exit: 1 37faccessat: 1 38fcntl: 1 39fstat: 1 40fstatfs: 1 41futex: 1 42getpid: 1 43getuid: 1 44getgid: 1 45getegid: 1 46getgroups: 1 47geteuid: 1 48umask: 1 49getrandom: 1 50mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 51mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 52mremap: 1 53munmap: 1 54newfstatat: 1 55openat: 1 56#prctl: arg0 == PR_SET_VMA || arg0 == PR_SET_NO_NEW_PRIVS || arg0 == PR_GET_DUMPABLE || arg0 == PR_SET_SECCOMP || arg0 == 0x37 /* PR_??? */ 57prctl: 1 58pread64: 1 59read: 1 60pwrite64: 1 61write: 1 62writev: 1 63readlinkat: 1 64restart_syscall: 1 65rt_sigaction: 1 66rt_sigprocmask: 1 67rt_sigreturn: 1 68sched_getscheduler: 1 69set_tid_address: 1 70sigaltstack: 1 71unlinkat: 1 72lseek: 1 73##ioctl: arg1 == _IOC(_IOC_NONE || arg1 == _IOC(_IOC_READ || arg1 == VSOC_MAYBE_SEND_INTERRUPT_TO_HOST 74ioctl: 1 75clock_gettime: 1 76 77 78socket: arg0 == AF_INET6 || arg0 == AF_UNIX || arg0 == AF_QIPCRTR 79connect: 1 80setsockopt: 1 81getsockname: 1 82socketpair: 1 83ppoll: 1 84pselect6: 1 85accept4: 1 86listen: 1 87bind: 1 88pipe2: 1 89 90recvmsg: 1 91sendmsg: 1 92 93sendto: 1 94recvfrom: 1 95 96getsockname: 1 97nanosleep: 1 98clone: 1 99setsockopt: 1 100getsockopt: 1 101madvise: 1 102 103getitimer: 1 104setitimer: 1 105getpid: 1 106bind: 1 107listen: 1 108getpeername: 1 109socketpair: 1 110wait4: 1 111chown: 1 112fchown: 1 113lchown: 1 114umask: 1 115mmap2: 1 116fstat64: 1 117fstatat64: 1 118_llseek: 1 119geteuid: 1 120