Add runner-sandbox.cfg for Tizen nsjail test
authorKunhoon Baik <knhoon.baik@samsung.com>
Fri, 16 Jul 2021 09:10:46 +0000 (18:10 +0900)
committerKunhoon Baik <knhoon.baik@samsung.com>
Fri, 16 Jul 2021 09:10:46 +0000 (18:10 +0900)
Nsjail uses a specific configuration file for jailing.
For testing nsjail in Tizen, the sandbox.cfg of the sthub script engine runner is added.
You can test it as follows.

nsjail -v --config /usr/share/runner-sandbox.cfg -- /usr/bin/nsjail_test/jail_mem_syscall_test

packaging/nsjail.manifest [new file with mode: 0644]
packaging/nsjail.spec
test/runner-sandbox.cfg [new file with mode: 0644]

diff --git a/packaging/nsjail.manifest b/packaging/nsjail.manifest
new file mode 100644 (file)
index 0000000..97e8c31
--- /dev/null
@@ -0,0 +1,5 @@
+<manifest>
+       <request>
+               <domain name="_"/>
+       </request>
+</manifest>
index 8b84cb3f63b09980246bd31d8b3b07978578bbea..e698736ec5ff1f768f928216c051adaefd5f10f6 100644 (file)
@@ -11,6 +11,7 @@ Group:          System/Other
 URL:            https://nsjail.com
 Source0:        nsjail-%{version}.tar.gz
 #Source1:        kafel.tar.gz
+Source1001:    %{name}.manifest
 BuildRequires:  autoconf
 BuildRequires:  bison
 BuildRequires:  flex
@@ -36,6 +37,7 @@ Tizen simple test programs to check nsjail execution validation in Tizen platfor
 
 %prep
 %setup -q
+cp %{SOURCE1001} .
 
 %build
 export CFLAGS="$CFLAGS -DTIZEN"
@@ -49,16 +51,22 @@ popd test
 %install
 mkdir -p %{buildroot}/%{_bindir}/
 mkdir -p %{buildroot}/%{_bindir}/nsjail_test/
+mkdir -p %{buildroot}/usr/share/
 
 cp nsjail %{buildroot}/%{_bindir}/
 cp -a test/*_test %{buildroot}/%{_bindir}/nsjail_test/
+cp -a test/*.cfg %{buildroot}/usr/share/
+
 
 %files
+%manifest %{name}.manifest
 %license LICENSE
 %{_bindir}/nsjail
 
 %files test
+%manifest %{name}.manifest
 %{_bindir}/nsjail_test/*
+/usr/share/*
 
 %changelog
 * Mon Jul 7 2021 Baik 
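Review bot: The `/usr/share/*` entry under `%files test` claims every path the buildroot has under /usr/share, and `cp -a test/*.cfg %{buildroot}/usr/share/` places the sandbox policy at the top level of a directory shared with every other package. A package-private directory keeps file ownership unambiguous if the package later installs anything else under /usr/share: `mkdir -p %{buildroot}%{_datadir}/nsjail/`, `cp -a test/*.cfg %{buildroot}%{_datadir}/nsjail/`, and `%{_datadir}/nsjail/*.cfg` in `%files test`. The example command in the commit description would then need the new path.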
diff --git a/test/runner-sandbox.cfg b/test/runner-sandbox.cfg
new file mode 100644 (file)
index 0000000..c7da9bf
--- /dev/null
@@ -0,0 +1,510 @@
+name: "runner-sandbox"
+description: "Nsjail setup for scripting-engine-runner sandbox"
+
+# Run the command once
+mode: ONCE
+
+# uts host name
+hostname: "malort-jail"
+
+# Cwd
+cwd: "/"
+
+# Allow the process to run indefinitely
+time_limit: 0
+
+## Environment variables
+# Runner needs the location for lua-libs
+envar: "HUBCORE_LUA_LIB_DIR=/usr/share/lua-libs"
+
+## Rlimit settings
+# Address space
+#rlimit_as: 0
+
+# Core dump file size
+#rlimit_core: 0
+
+# Total CPU run time, seconds
+#rlimit_cpu: 0
+rlimit_cpu_type: INF
+
+# Maximum file size
+#rlimit_fsize: 0
+
+# Maximum number of files
+#rlimit_nofile: 0
+
+# Maximum number of processes
+# Warn: Documentation says this is tricky, fiddle at your own risk!
+#rlimit_nproc: 0
+
+# Maximum stack size
+#rlimit_stack: 0
+
+## Uid/Gid re-mapping
+# set uid
+uidmap {
+    inside_id: "9999"
+}
+
+# set gid
+gidmap {
+    inside_id: "9999"
+}
+
+clone_newnet: true
+clone_newuser: true
+clone_newns: true
+clone_newpid: true
+clone_newipc: true
+clone_newuts: true
+clone_newcgroup: true
+
+cgroup_mem_max: 10000000
+cgroup_cpu_ms_per_sec: 100
+
+pass_fd: 10
+
+## Mount settings
+mount_proc: false
+
+# Mount lib directory
+mount {
+    src: "/lib"
+    dst: "/lib"
+    is_bind: true
+    nosuid: true
+    nodev: true
+    rw: false
+}
+
+mount {
+    src: "/bin"
+    dst: "/bin"
+    is_bind: true
+    nosuid: true
+    nodev: true
+    rw: false
+}
+
+mount {
+    src: "/usr"
+    dst: "/usr"
+    is_bind: true
+    nosuid: true
+    nodev: true
+    rw: false
+}
+
+# Seccomp settings
+seccomp_string: "ALLOW {"
+seccomp_string: "    SYSCALL[1]," #exit
+#seccomp_string: "    SYSCALL[2]," #fork
+seccomp_string: "    SYSCALL[3]," #read
+seccomp_string: "    SYSCALL[4]," #write
+seccomp_string: "    SYSCALL[5]," #open
+seccomp_string: "    SYSCALL[6]," #close
+#seccomp_string: "    SYSCALL[7]," #NA
+#seccomp_string: "    SYSCALL[8]," #creat
+#seccomp_string: "    SYSCALL[9]," #link
+#seccomp_string: "    SYSCALL[10]," #unlink
+seccomp_string: "    SYSCALL[11]," #execve
+seccomp_string: "    SYSCALL[12]," #chdir
+#seccomp_string: "    SYSCALL[13]," #NA
+#seccomp_string: "    SYSCALL[14]," #mknod
+#seccomp_string: "    SYSCALL[15]," #chmod
+#seccomp_string: "    SYSCALL[16]," #lchown
+#seccomp_string: "    SYSCALL[17]," #NA
+#seccomp_string: "    SYSCALL[18]," #NA
+#seccomp_string: "    SYSCALL[19]," #lseek
+seccomp_string: "    SYSCALL[20]," #getpid
+#seccomp_string: "    SYSCALL[21]," #mount
+#seccomp_string: "    SYSCALL[22]," #NA
+#seccomp_string: "    SYSCALL[23]," #setuid
+seccomp_string: "    SYSCALL[24]," #getuid
+#seccomp_string: "    SYSCALL[25]," #NA
+#seccomp_string: "    SYSCALL[26]," #ptrace
+#seccomp_string: "    SYSCALL[27]," #NA
+#seccomp_string: "    SYSCALL[28]," #NA
+#seccomp_string: "    SYSCALL[29]," #pause
+#seccomp_string: "    SYSCALL[30]," #NA
+#seccomp_string: "    SYSCALL[31]," #NA
+#seccomp_string: "    SYSCALL[32]," #NA
+seccomp_string: "    SYSCALL[33]," #access
+#seccomp_string: "    SYSCALL[34]," #nice
+#seccomp_string: "    SYSCALL[35]," #NA
+#seccomp_string: "    SYSCALL[36]," #sync
+#seccomp_string: "    SYSCALL[37]," #kill
+#seccomp_string: "    SYSCALL[38]," #rename
+#seccomp_string: "    SYSCALL[39]," #mkdir
+#seccomp_string: "    SYSCALL[40]," #rmdir
+seccomp_string: "    SYSCALL[41]," #dup
+seccomp_string: "    SYSCALL[42]," #pipe
+#seccomp_string: "    SYSCALL[43]," #times
+#seccomp_string: "    SYSCALL[44]," #NA
+seccomp_string: "    SYSCALL[45]," #brk
+#seccomp_string: "    SYSCALL[46]," #setgid
+seccomp_string: "    SYSCALL[47]," #getgid
+#seccomp_string: "    SYSCALL[48]," #NA
+seccomp_string: "    SYSCALL[49]," #geteuid
+seccomp_string: "    SYSCALL[50]," #getegid
+#seccomp_string: "    SYSCALL[51]," #acct
+#seccomp_string: "    SYSCALL[52]," #umount2
+#seccomp_string: "    SYSCALL[53]," #NA
+seccomp_string: "    SYSCALL[54]," #ioctl
+seccomp_string: "    SYSCALL[55]," #fcntl
+#seccomp_string: "    SYSCALL[56]," #NA
+#seccomp_string: "    SYSCALL[57]," #setpgid
+#seccomp_string: "    SYSCALL[58]," #NA
+#seccomp_string: "    SYSCALL[59]," #NA
+#seccomp_string: "    SYSCALL[60]," #umask
+#seccomp_string: "    SYSCALL[61]," #chroot
+#seccomp_string: "    SYSCALL[62]," #ustat
+seccomp_string: "    SYSCALL[63]," #dup2
+seccomp_string: "    SYSCALL[64]," #getppid
+#seccomp_string: "    SYSCALL[65]," #getpgrp
+#seccomp_string: "    SYSCALL[66]," #setsid
+#seccomp_string: "    SYSCALL[67]," #sigaction
+#seccomp_string: "    SYSCALL[68]," #NA
+#seccomp_string: "    SYSCALL[69]," #NA
+#seccomp_string: "    SYSCALL[70]," #setreuid
+#seccomp_string: "    SYSCALL[71]," #setregid
+#seccomp_string: "    SYSCALL[72]," #sigsuspend
+#seccomp_string: "    SYSCALL[73]," #sigpending
+#seccomp_string: "    SYSCALL[74]," #sethostname
+#seccomp_string: "    SYSCALL[75]," #setrlimit
+#seccomp_string: "    SYSCALL[76]," #old_getrlimit/NA
+#seccomp_string: "    SYSCALL[77]," #getrusage
+seccomp_string: "    SYSCALL[78]," #gettimeofday
+#seccomp_string: "    SYSCALL[79]," #settimeofday
+#seccomp_string: "    SYSCALL[80]," #getgroups
+#seccomp_string: "    SYSCALL[81]," #setgroups
+#seccomp_string: "    SYSCALL[82]," #NA
+#seccomp_string: "    SYSCALL[83]," #symlink
+#seccomp_string: "    SYSCALL[84]," #NA
+seccomp_string: "    SYSCALL[85]," #readlink
+#seccomp_string: "    SYSCALL[86]," #uselib
+#seccomp_string: "    SYSCALL[87]," #swapon
+#seccomp_string: "    SYSCALL[88]," #reboot
+seccomp_string: "    SYSCALL[89]," #readdir
+seccomp_string: "    SYSCALL[90]," #mmap
+seccomp_string: "    SYSCALL[91]," #munmap
+#seccomp_string: "    SYSCALL[92]," #truncate
+#seccomp_string: "    SYSCALL[93]," #ftruncate
+#seccomp_string: "    SYSCALL[94]," #fchmod
+#seccomp_string: "    SYSCALL[95]," #fchown
+#seccomp_string: "    SYSCALL[96]," #getpriority
+#seccomp_string: "    SYSCALL[97]," #setpriority
+#seccomp_string: "    SYSCALL[98]," #NA
+#seccomp_string: "    SYSCALL[99]," #statfs
+#seccomp_string: "    SYSCALL[100]," #fstatfs
+#seccomp_string: "    SYSCALL[101]," #NA
+#seccomp_string: "    SYSCALL[102]," #NA
+#seccomp_string: "    SYSCALL[103]," #syslog
+#seccomp_string: "    SYSCALL[104]," #setitimer
+#seccomp_string: "    SYSCALL[105]," #getitimer
+seccomp_string: "    SYSCALL[106]," #stat
+seccomp_string: "    SYSCALL[107]," #lstat
+seccomp_string: "    SYSCALL[108]," #fstat
+#seccomp_string: "    SYSCALL[109]," #NA
+#seccomp_string: "    SYSCALL[110]," #NA
+#seccomp_string: "    SYSCALL[111]," #vhangup
+#seccomp_string: "    SYSCALL[112]," #NA
+#seccomp_string: "    SYSCALL[113]," #NA
+seccomp_string: "    SYSCALL[114]," #wait4
+#seccomp_string: "    SYSCALL[115]," #swapoff
+#seccomp_string: "    SYSCALL[116]," #sysinfo
+#seccomp_string: "    SYSCALL[117]," #NA
+#seccomp_string: "    SYSCALL[118]," #fsync
+seccomp_string: "    SYSCALL[119]," #sigreturn
+#seccomp_string: "    SYSCALL[120]," #clone
+#seccomp_string: "    SYSCALL[121]," #setdomainname
+seccomp_string: "    SYSCALL[122]," #uname
+#seccomp_string: "    SYSCALL[123]," #NA
+#seccomp_string: "    SYSCALL[124]," #adjtimex
+seccomp_string: "    SYSCALL[125]," #mprotect
+seccomp_string: "    SYSCALL[126]," #sigprocmask
+#seccomp_string: "    SYSCALL[127]," #NA
+#seccomp_string: "    SYSCALL[128]," #init_module
+#seccomp_string: "    SYSCALL[129]," #delete_module
+#seccomp_string: "    SYSCALL[130]," #NA
+#seccomp_string: "    SYSCALL[131]," #quotactl
+seccomp_string: "    SYSCALL[132]," #getpgid
+seccomp_string: "    SYSCALL[133]," #fchdir
+#seccomp_string: "    SYSCALL[134]," #bdflush
+#seccomp_string: "    SYSCALL[135]," #sysfs
+#seccomp_string: "    SYSCALL[136]," #personality
+#seccomp_string: "    SYSCALL[137]," #NA
+#seccomp_string: "    SYSCALL[138]," #setfsuid
+#seccomp_string: "    SYSCALL[139]," #setfsgid
+#seccomp_string: "    SYSCALL[140]," #_llseek
+#seccomp_string: "    SYSCALL[141]," #getdents
+seccomp_string: "    SYSCALL[142]," #_newselect
+#seccomp_string: "    SYSCALL[143]," #flock
+#seccomp_string: "    SYSCALL[144]," #msync
+seccomp_string: "    SYSCALL[145]," #readv
+#seccomp_string: "    SYSCALL[146]," #writev
+#seccomp_string: "    SYSCALL[147]," #getsid
+#seccomp_string: "    SYSCALL[148]," #fdatasync
+#seccomp_string: "    SYSCALL[149]," #_sysctl
+#seccomp_string: "    SYSCALL[150]," #mlock
+#seccomp_string: "    SYSCALL[151]," #munlock
+#seccomp_string: "    SYSCALL[152]," #mlockall
+#seccomp_string: "    SYSCALL[153]," #munlockall
+#seccomp_string: "    SYSCALL[154]," #sched_setparam
+#seccomp_string: "    SYSCALL[155]," #sched_getparam
+#seccomp_string: "    SYSCALL[156]," #sched_setscheduler
+#seccomp_string: "    SYSCALL[157]," #sched_getscheduler
+seccomp_string: "    SYSCALL[158]," #sched_yield
+#seccomp_string: "    SYSCALL[159]," #sched_get_priority_max
+#seccomp_string: "    SYSCALL[160]," #sched_get_priority_min
+#seccomp_string: "    SYSCALL[161]," #sched_rr_get_interval
+seccomp_string: "    SYSCALL[162]," #nanosleep
+seccomp_string: "    SYSCALL[163]," #mremap
+#seccomp_string: "    SYSCALL[164]," #setresuid
+#seccomp_string: "    SYSCALL[165]," #getresuid
+#seccomp_string: "    SYSCALL[166]," #NA
+#seccomp_string: "    SYSCALL[167]," #NA
+seccomp_string: "    SYSCALL[168]," #poll
+#seccomp_string: "    SYSCALL[169]," #nfsservctl
+#seccomp_string: "    SYSCALL[170]," #setresgid
+#seccomp_string: "    SYSCALL[171]," #getresgid
+#seccomp_string: "    SYSCALL[172]," #prctl
+seccomp_string: "    SYSCALL[173]," #rt_sigreturn
+seccomp_string: "    SYSCALL[174]," #rt_sigaction
+seccomp_string: "    SYSCALL[175]," #rt_sigprocmask
+seccomp_string: "    SYSCALL[176]," #rt_sigpending
+seccomp_string: "    SYSCALL[177]," #rt_sigtimedwait
+#seccomp_string: "    SYSCALL[178]," #rt_sigqueueinfo
+seccomp_string: "    SYSCALL[179]," #rt_sigsuspend
+seccomp_string: "    SYSCALL[180]," #pread64
+#seccomp_string: "    SYSCALL[181]," #pwrite64
+#seccomp_string: "    SYSCALL[182]," #chown
+seccomp_string: "    SYSCALL[183]," #getcwd
+#seccomp_string: "    SYSCALL[184]," #capget
+#seccomp_string: "    SYSCALL[185]," #capset
+seccomp_string: "    SYSCALL[186]," #sigaltstack
+#seccomp_string: "    SYSCALL[187]," #sendfile
+#seccomp_string: "    SYSCALL[188]," #NA
+#seccomp_string: "    SYSCALL[189]," #NA
+#seccomp_string: "    SYSCALL[190]," #vfork
+seccomp_string: "    SYSCALL[191]," #ugetrlimit
+seccomp_string: "    SYSCALL[192]," #mmap2
+#seccomp_string: "    SYSCALL[193]," #truncate64
+#seccomp_string: "    SYSCALL[194]," #ftruncate64
+seccomp_string: "    SYSCALL[195]," #stat64
+seccomp_string: "    SYSCALL[196]," #lstat64
+seccomp_string: "    SYSCALL[197]," #fstat64
+#seccomp_string: "    SYSCALL[198]," #lchown32
+seccomp_string: "    SYSCALL[199]," #getuid32
+seccomp_string: "    SYSCALL[200]," #getgid32
+seccomp_string: "    SYSCALL[201]," #geteuid32
+seccomp_string: "    SYSCALL[202]," #getegid32
+#seccomp_string: "    SYSCALL[203]," #setreuid32
+#seccomp_string: "    SYSCALL[204]," #setregid32
+#seccomp_string: "    SYSCALL[205]," #getgroups32
+#seccomp_string: "    SYSCALL[206]," #setgroups32
+#seccomp_string: "    SYSCALL[207]," #fchown32
+#seccomp_string: "    SYSCALL[208]," #setresuid32
+#seccomp_string: "    SYSCALL[209]," #getresuid32
+#seccomp_string: "    SYSCALL[210]," #setresgid32
+#seccomp_string: "    SYSCALL[211]," #getresgid32
+#seccomp_string: "    SYSCALL[212]," #chown32
+#seccomp_string: "    SYSCALL[213]," #setuid32
+#seccomp_string: "    SYSCALL[214]," #setgid32
+#seccomp_string: "    SYSCALL[215]," #setfsuid32
+#seccomp_string: "    SYSCALL[216]," #setfsgid32
+#seccomp_string: "    SYSCALL[217]," #getdents64
+#seccomp_string: "    SYSCALL[218]," #pivot_root
+#seccomp_string: "    SYSCALL[219]," #mincore
+#seccomp_string: "    SYSCALL[220]," #madvise
+seccomp_string: "    SYSCALL[221]," #fcntl64
+#seccomp_string: "    SYSCALL[222]," #NA
+#seccomp_string: "    SYSCALL[223]," #NA
+#seccomp_string: "    SYSCALL[224]," #gettid
+#seccomp_string: "    SYSCALL[225]," #readahead
+#seccomp_string: "    SYSCALL[226]," #setxattr
+#seccomp_string: "    SYSCALL[227]," #lsetxattr
+#seccomp_string: "    SYSCALL[228]," #fsetxattr
+#seccomp_string: "    SYSCALL[229]," #getxattr
+#seccomp_string: "    SYSCALL[230]," #lgetxattr
+#seccomp_string: "    SYSCALL[231]," #fgetxattr
+#seccomp_string: "    SYSCALL[232]," #listxattr
+#seccomp_string: "    SYSCALL[233]," #llistxattr
+#seccomp_string: "    SYSCALL[234]," #flistxattr
+#seccomp_string: "    SYSCALL[235]," #removexattr
+#seccomp_string: "    SYSCALL[236]," #lremovexattr
+#seccomp_string: "    SYSCALL[237]," #fremovexattr
+#seccomp_string: "    SYSCALL[238]," #tkill
+#seccomp_string: "    SYSCALL[239]," #sendfile64
+seccomp_string: "    SYSCALL[240]," #futex
+#seccomp_string: "    SYSCALL[241]," #sched_setaffinity
+seccomp_string: "    SYSCALL[242]," #sched_getaffinity
+#seccomp_string: "    SYSCALL[243]," #io_setup
+#seccomp_string: "    SYSCALL[244]," #io_destroy
+#seccomp_string: "    SYSCALL[245]," #io_getevents
+#seccomp_string: "    SYSCALL[246]," #io_submit
+#seccomp_string: "    SYSCALL[247]," #io_cancel
+seccomp_string: "    SYSCALL[248]," #exit_group
+#seccomp_string: "    SYSCALL[249]," #lookup_dcookie
+seccomp_string: "    SYSCALL[250]," #epoll_create
+seccomp_string: "    SYSCALL[251]," #epoll_ctl
+seccomp_string: "    SYSCALL[252]," #epoll_wait
+#seccomp_string: "    SYSCALL[253]," #remap_file_pages
+#seccomp_string: "    SYSCALL[254]," #NA
+#seccomp_string: "    SYSCALL[255]," #NA
+seccomp_string: "    SYSCALL[256]," #set_tid_address
+#seccomp_string: "    SYSCALL[257]," #timer_create
+#seccomp_string: "    SYSCALL[258]," #timer_settime
+#seccomp_string: "    SYSCALL[259]," #timer_gettime
+#seccomp_string: "    SYSCALL[260]," #timer_getoverrun
+#seccomp_string: "    SYSCALL[261]," #timer_delete
+#seccomp_string: "    SYSCALL[262]," #clock_settime
+seccomp_string: "    SYSCALL[263]," #clock_gettime
+seccomp_string: "    SYSCALL[264]," #clock_getres
+seccomp_string: "    SYSCALL[265]," #clock_nanosleep
+#seccomp_string: "    SYSCALL[266]," #statfs64
+#seccomp_string: "    SYSCALL[267]," #fstatfs64
+#seccomp_string: "    SYSCALL[268]," #tgkill
+#seccomp_string: "    SYSCALL[269]," #utimes
+#seccomp_string: "    SYSCALL[270]," #arm_fadvise64_64
+#seccomp_string: "    SYSCALL[271]," #pciconfig_iobase
+#seccomp_string: "    SYSCALL[272]," #pciconfig_read
+#seccomp_string: "    SYSCALL[273]," #pciconfig_write
+#seccomp_string: "    SYSCALL[274]," #mq_open
+#seccomp_string: "    SYSCALL[275]," #mq_unlink
+#seccomp_string: "    SYSCALL[276]," #mq_timedsend
+#seccomp_string: "    SYSCALL[277]," #mq_timedreceive
+#seccomp_string: "    SYSCALL[278]," #mq_notify
+#seccomp_string: "    SYSCALL[279]," #mq_getsetattr
+#seccomp_string: "    SYSCALL[280]," #waitid
+#seccomp_string: "    SYSCALL[281]," #socket
+#seccomp_string: "    SYSCALL[282]," #bind
+#seccomp_string: "    SYSCALL[283]," #connect
+seccomp_string: "    SYSCALL[284]," #listen
+seccomp_string: "    SYSCALL[285]," #accept
+#seccomp_string: "    SYSCALL[286]," #getsockname
+#seccomp_string: "    SYSCALL[287]," #getpeername
+#seccomp_string: "    SYSCALL[288]," #socketpair
+#seccomp_string: "    SYSCALL[289]," #send
+#seccomp_string: "    SYSCALL[290]," #sendto
+seccomp_string: "    SYSCALL[291]," #recv
+#seccomp_string: "    SYSCALL[292]," #recvfrom
+#seccomp_string: "    SYSCALL[293]," #shutdown
+#seccomp_string: "    SYSCALL[294]," #setsockopt
+#seccomp_string: "    SYSCALL[295]," #getsockopt
+#seccomp_string: "    SYSCALL[296]," #sendmsg
+#seccomp_string: "    SYSCALL[297]," #recvmsg
+#seccomp_string: "    SYSCALL[298]," #semop
+#seccomp_string: "    SYSCALL[299]," #semget
+#seccomp_string: "    SYSCALL[300]," #semctl
+#seccomp_string: "    SYSCALL[301]," #msgsnd
+#seccomp_string: "    SYSCALL[302]," #msgrcv
+#seccomp_string: "    SYSCALL[303]," #msgget
+#seccomp_string: "    SYSCALL[304]," #msgctl
+#seccomp_string: "    SYSCALL[305]," #shmat
+#seccomp_string: "    SYSCALL[306]," #shmdt
+#seccomp_string: "    SYSCALL[307]," #shmget
+#seccomp_string: "    SYSCALL[308]," #shmctl
+#seccomp_string: "    SYSCALL[309]," #add_key
+#seccomp_string: "    SYSCALL[310]," #request_key
+#seccomp_string: "    SYSCALL[311]," #keyctl
+#seccomp_string: "    SYSCALL[312]," #semtimedop
+#seccomp_string: "    SYSCALL[313]," #vserver
+#seccomp_string: "    SYSCALL[314]," #ioprio_set
+#seccomp_string: "    SYSCALL[315]," #ioprio_get
+#seccomp_string: "    SYSCALL[316]," #inotify_init
+#seccomp_string: "    SYSCALL[317]," #inotify_add_watch
+#seccomp_string: "    SYSCALL[318]," #inotify_rm_watch
+#seccomp_string: "    SYSCALL[319]," #mbind
+#seccomp_string: "    SYSCALL[320]," #get_mempolicy
+#seccomp_string: "    SYSCALL[321]," #set_mempolicy
+seccomp_string: "    SYSCALL[322]," #openat
+#seccomp_string: "    SYSCALL[323]," #mkdirat
+#seccomp_string: "    SYSCALL[324]," #mknodat
+#seccomp_string: "    SYSCALL[325]," #fchownat
+#seccomp_string: "    SYSCALL[326]," #futimesat
+seccomp_string: "    SYSCALL[327]," #fstatat64
+#seccomp_string: "    SYSCALL[328]," #unlinkat
+#seccomp_string: "    SYSCALL[329]," #renameat
+#seccomp_string: "    SYSCALL[330]," #linkat
+#seccomp_string: "    SYSCALL[331]," #symlinkat
+seccomp_string: "    SYSCALL[332]," #readlinkat
+#seccomp_string: "    SYSCALL[333]," #fchmodat
+seccomp_string: "    SYSCALL[334]," #faccessat
+seccomp_string: "    SYSCALL[335]," #pselect6
+seccomp_string: "    SYSCALL[336]," #ppoll
+#seccomp_string: "    SYSCALL[337]," #unshare
+seccomp_string: "    SYSCALL[338]," #set_robust_list
+seccomp_string: "    SYSCALL[339]," #get_robust_list
+#seccomp_string: "    SYSCALL[340]," #splice
+#seccomp_string: "    SYSCALL[341]," #arm_sync_file_range
+#seccomp_string: "    SYSCALL[342]," #tee
+#seccomp_string: "    SYSCALL[343]," #vmsplice
+#seccomp_string: "    SYSCALL[344]," #move_pages
+#seccomp_string: "    SYSCALL[345]," #getcpu
+seccomp_string: "    SYSCALL[346]," #epoll_pwait
+#seccomp_string: "    SYSCALL[347]," #kexec_load
+#seccomp_string: "    SYSCALL[348]," #utimensat
+#seccomp_string: "    SYSCALL[349]," #signalfd
+#seccomp_string: "    SYSCALL[350]," #timerfd_create
+#seccomp_string: "    SYSCALL[351]," #eventfd
+#seccomp_string: "    SYSCALL[352]," #fallocate
+#seccomp_string: "    SYSCALL[353]," #timerfd_settime
+#seccomp_string: "    SYSCALL[354]," #timerfd_gettime
+#seccomp_string: "    SYSCALL[355]," #signalfd4
+#seccomp_string: "    SYSCALL[356]," #eventfd2
+seccomp_string: "    SYSCALL[357]," #epoll_create1
+seccomp_string: "    SYSCALL[358]," #dup3
+seccomp_string: "    SYSCALL[359]," #pipe2
+#seccomp_string: "    SYSCALL[360]," #inotify_init1
+seccomp_string: "    SYSCALL[361]," #preadv
+seccomp_string: "    SYSCALL[362]," #pwritev
+#seccomp_string: "    SYSCALL[363]," #rt_tgsigqueueinfo
+#seccomp_string: "    SYSCALL[364]," #perf_event_open
+#seccomp_string: "    SYSCALL[365]," #recvmmsg
+seccomp_string: "    SYSCALL[366]," #accept4
+#seccomp_string: "    SYSCALL[367]," #fanotify_init
+#seccomp_string: "    SYSCALL[368]," #fanotify_mark
+#seccomp_string: "    SYSCALL[369]," #prlimit64
+#seccomp_string: "    SYSCALL[370]," #name_to_handle_at
+#seccomp_string: "    SYSCALL[371]," #open_by_handle_at
+#seccomp_string: "    SYSCALL[372]," #clock_adjtime
+#seccomp_string: "    SYSCALL[373]," #syncfs
+#seccomp_string: "    SYSCALL[374]," #sendmmsg
+#seccomp_string: "    SYSCALL[375]," #setns
+#seccomp_string: "    SYSCALL[376]," #process_vm_readv
+#seccomp_string: "    SYSCALL[377]," #process_vm_writev
+#seccomp_string: "    SYSCALL[378]," #kcmp
+#seccomp_string: "    SYSCALL[379]," #finit_module
+#seccomp_string: "    SYSCALL[380]," #sched_setattr
+#seccomp_string: "    SYSCALL[381]," #sched_getattr
+#seccomp_string: "    SYSCALL[382]," #renameat2
+#seccomp_string: "    SYSCALL[383]," #seccomp
+seccomp_string: "    SYSCALL[384]," #getrandom
+#seccomp_string: "    SYSCALL[385]," #memfd_create
+#seccomp_string: "    SYSCALL[386]," #bpf
+#seccomp_string: "    SYSCALL[387]," #execveat
+#seccomp_string: "    SYSCALL[388]," #userfaultfd
+#seccomp_string: "    SYSCALL[389]," #membarrier
+#seccomp_string: "    SYSCALL[390]," #mlock2
+#seccomp_string: "    SYSCALL[391]," #copy_file_range
+seccomp_string: "    SYSCALL[392]," #preadv2
+seccomp_string: "    SYSCALL[393]," #pwritev2
+#seccomp_string: "    SYSCALL[394]," #pkey_mprotect
+#seccomp_string: "    SYSCALL[395]," #pkey_alloc
+#seccomp_string: "    SYSCALL[396]," #pkey_free
+seccomp_string: "    SYSCALL[397]," #statx
+#seccomp_string: "    SYSCALL[398]," #rseq
+#seccomp_string: "    SYSCALL[399]," #io_pgetevents
+#seccomp_string: "    SYSCALL[983041]," #ARM_breakpoint
+#seccomp_string: "    SYSCALL[983042]," #ARM_cacheflush
+#seccomp_string: "    SYSCALL[983043]," #ARM_usr26
+#seccomp_string: "    SYSCALL[983044]," #ARM_usr32
+seccomp_string: "    SYSCALL[983045]" #set_tls
+seccomp_string: "}"
+seccomp_string: "DEFAULT KILL"
+
+# Don't bring up the lo interface
+iface_no_lo: true
+
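Review bot: The seccomp allow list identifies every syscall by raw number (`SYSCALL[1]` through `SYSCALL[983045]`), and the numbers appear to be the 32-bit ARM EABI table, since the comments name mmap2, stat64 and the ARM_* private calls. Loaded on a 64-bit or non-ARM build, the same numbers would select different syscalls, so the policy would allow calls nobody reviewed and kill ones the runner needs. Kafel accepts syscall names and looks them up in its per-architecture table, e.g. `seccomp_string: "    read, write, open, close,"`; if the numeric form has to stay, a header comment such as `# Syscall numbers are 32-bit ARM EABI; do not load this policy on other architectures` would record the constraint. Separately, `ioctl` (54) and `execve` (11) are allowed with no argument filter, which deserves a comment explaining why the runner needs them.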