1 {
2         "defaultAction": "SCMP_ACT_ERRNO",
3         "archMap": [
4                 {
5                         "architecture": "SCMP_ARCH_X86_64",
6                         "subArchitectures": [
7                                 "SCMP_ARCH_X86",
8                                 "SCMP_ARCH_X32"
9                         ]
10                 },
11                 {
12                         "architecture": "SCMP_ARCH_AARCH64",
13                         "subArchitectures": [
14                                 "SCMP_ARCH_ARM"
15                         ]
16                 },
17                 {
18                         "architecture": "SCMP_ARCH_MIPS64",
19                         "subArchitectures": [
20                                 "SCMP_ARCH_MIPS",
21                                 "SCMP_ARCH_MIPS64N32"
22                         ]
23                 },
24                 {
25                         "architecture": "SCMP_ARCH_MIPS64N32",
26                         "subArchitectures": [
27                                 "SCMP_ARCH_MIPS",
28                                 "SCMP_ARCH_MIPS64"
29                         ]
30                 },
31                 {
32                         "architecture": "SCMP_ARCH_MIPSEL64",
33                         "subArchitectures": [
34                                 "SCMP_ARCH_MIPSEL",
35                                 "SCMP_ARCH_MIPSEL64N32"
36                         ]
37                 },
38                 {
39                         "architecture": "SCMP_ARCH_MIPSEL64N32",
40                         "subArchitectures": [
41                                 "SCMP_ARCH_MIPSEL",
42                                 "SCMP_ARCH_MIPSEL64"
43                         ]
44                 },
45                 {
46                         "architecture": "SCMP_ARCH_S390X",
47                         "subArchitectures": [
48                                 "SCMP_ARCH_S390"
49                         ]
50                 }
51         ],
52         "syscalls": [
53                 {
54                         "names": [
55                                 "accept",
56                                 "accept4",
57                                 "access",
58                                 "adjtimex",
59                                 "alarm",
60                                 "alarm",
61                                 "bind",
62                                 "brk",
63                                 "capget",
64                                 "capset",
65                                 "chdir",
66                                 "chmod",
67                                 "chown",
68                                 "chown32",
69                                 "clock_getres",
70                                 "clock_gettime",
71                                 "clock_nanosleep",
72                                 "close",
73                                 "connect",
74                                 "copy_file_range",
75                                 "creat",
76                                 "dup",
77                                 "dup2",
78                                 "dup3",
79                                 "epoll_create",
80                                 "epoll_create1",
81                                 "epoll_ctl",
82                                 "epoll_ctl_old",
83                                 "epoll_pwait",
84                                 "epoll_wait",
85                                 "epoll_wait_old",
86                                 "eventfd",
87                                 "eventfd2",
88                                 "execve",
89                                 "execveat",
90                                 "exit",
91                                 "exit_group",
92                                 "faccessat",
93                                 "fadvise64",
94                                 "fadvise64_64",
95                                 "fallocate",
96                                 "fanotify_mark",
97                                 "fchdir",
98                                 "fchmod",
99                                 "fchmodat",
100                                 "fchown",
101                                 "fchown32",
102                                 "fchownat",
103                                 "fcntl",
104                                 "fcntl64",
105                                 "fdatasync",
106                                 "fgetxattr",
107                                 "flistxattr",
108                                 "flock",
109                                 "fork",
110                                 "fremovexattr",
111                                 "fsetxattr",
112                                 "fstat",
113                                 "fstat64",
114                                 "fstatat64",
115                                 "fstatfs",
116                                 "fstatfs64",
117                                 "fsync",
118                                 "ftruncate",
119                                 "ftruncate64",
120                                 "futex",
121                                 "futimesat",
122                                 "getcpu",
123                                 "getcwd",
124                                 "getdents",
125                                 "getdents64",
126                                 "getegid",
127                                 "getegid32",
128                                 "geteuid",
129                                 "geteuid32",
130                                 "getgid",
131                                 "getgid32",
132                                 "getgroups",
133                                 "getgroups32",
134                                 "getitimer",
135                                 "getpeername",
136                                 "getpgid",
137                                 "getpgrp",
138                                 "getpid",
139                                 "getppid",
140                                 "getpriority",
141                                 "getrandom",
142                                 "getresgid",
143                                 "getresgid32",
144                                 "getresuid",
145                                 "getresuid32",
146                                 "getrlimit",
147                                 "get_robust_list",
148                                 "getrusage",
149                                 "getsid",
150                                 "getsockname",
151                                 "getsockopt",
152                                 "get_thread_area",
153                                 "gettid",
154                                 "gettimeofday",
155                                 "getuid",
156                                 "getuid32",
157                                 "getxattr",
158                                 "inotify_add_watch",
159                                 "inotify_init",
160                                 "inotify_init1",
161                                 "inotify_rm_watch",
162                                 "io_cancel",
163                                 "ioctl",
164                                 "io_destroy",
165                                 "io_getevents",
166                                 "ioprio_get",
167                                 "ioprio_set",
168                                 "io_setup",
169                                 "io_submit",
170                                 "ipc",
171                                 "kill",
172                                 "lchown",
173                                 "lchown32",
174                                 "lgetxattr",
175                                 "link",
176                                 "linkat",
177                                 "listen",
178                                 "listxattr",
179                                 "llistxattr",
180                                 "_llseek",
181                                 "lremovexattr",
182                                 "lseek",
183                                 "lsetxattr",
184                                 "lstat",
185                                 "lstat64",
186                                 "madvise",
187                                 "memfd_create",
188                                 "mincore",
189                                 "mkdir",
190                                 "mkdirat",
191                                 "mknod",
192                                 "mknodat",
193                                 "mlock",
194                                 "mlock2",
195                                 "mlockall",
196                                 "mmap",
197                                 "mmap2",
198                                 "mprotect",
199                                 "mq_getsetattr",
200                                 "mq_notify",
201                                 "mq_open",
202                                 "mq_timedreceive",
203                                 "mq_timedsend",
204                                 "mq_unlink",
205                                 "mremap",
206                                 "msgctl",
207                                 "msgget",
208                                 "msgrcv",
209                                 "msgsnd",
210                                 "msync",
211                                 "munlock",
212                                 "munlockall",
213                                 "munmap",
214                                 "nanosleep",
215                                 "newfstatat",
216                                 "_newselect",
217                                 "open",
218                                 "openat",
219                                 "pause",
220                                 "pipe",
221                                 "pipe2",
222                                 "poll",
223                                 "ppoll",
224                                 "prctl",
225                                 "pread64",
226                                 "preadv",
227                                 "preadv2",
228                                 "prlimit64",
229                                 "pselect6",
230                                 "pwrite64",
231                                 "pwritev",
232                                 "pwritev2",
233                                 "read",
234                                 "readahead",
235                                 "readlink",
236                                 "readlinkat",
237                                 "readv",
238                                 "recv",
239                                 "recvfrom",
240                                 "recvmmsg",
241                                 "recvmsg",
242                                 "remap_file_pages",
243                                 "removexattr",
244                                 "rename",
245                                 "renameat",
246                                 "renameat2",
247                                 "restart_syscall",
248                                 "rmdir",
249                                 "rt_sigaction",
250                                 "rt_sigpending",
251                                 "rt_sigprocmask",
252                                 "rt_sigqueueinfo",
253                                 "rt_sigreturn",
254                                 "rt_sigsuspend",
255                                 "rt_sigtimedwait",
256                                 "rt_tgsigqueueinfo",
257                                 "sched_getaffinity",
258                                 "sched_getattr",
259                                 "sched_getparam",
260                                 "sched_get_priority_max",
261                                 "sched_get_priority_min",
262                                 "sched_getscheduler",
263                                 "sched_rr_get_interval",
264                                 "sched_setaffinity",
265                                 "sched_setattr",
266                                 "sched_setparam",
267                                 "sched_setscheduler",
268                                 "sched_yield",
269                                 "seccomp",
270                                 "select",
271                                 "semctl",
272                                 "semget",
273                                 "semop",
274                                 "semtimedop",
275                                 "send",
276                                 "sendfile",
277                                 "sendfile64",
278                                 "sendmmsg",
279                                 "sendmsg",
280                                 "sendto",
281                                 "setfsgid",
282                                 "setfsgid32",
283                                 "setfsuid",
284                                 "setfsuid32",
285                                 "setgid",
286                                 "setgid32",
287                                 "setgroups",
288                                 "setgroups32",
289                                 "setitimer",
290                                 "setpgid",
291                                 "setpriority",
292                                 "setregid",
293                                 "setregid32",
294                                 "setresgid",
295                                 "setresgid32",
296                                 "setresuid",
297                                 "setresuid32",
298                                 "setreuid",
299                                 "setreuid32",
300                                 "setrlimit",
301                                 "set_robust_list",
302                                 "setsid",
303                                 "setsockopt",
304                                 "set_thread_area",
305                                 "set_tid_address",
306                                 "setuid",
307                                 "setuid32",
308                                 "setxattr",
309                                 "shmat",
310                                 "shmctl",
311                                 "shmdt",
312                                 "shmget",
313                                 "shutdown",
314                                 "sigaltstack",
315                                 "signalfd",
316                                 "signalfd4",
317                                 "sigreturn",
318                                 "socket",
319                                 "socketcall",
320                                 "socketpair",
321                                 "splice",
322                                 "stat",
323                                 "stat64",
324                                 "statfs",
325                                 "statfs64",
326                                 "symlink",
327                                 "symlinkat",
328                                 "sync",
329                                 "sync_file_range",
330                                 "syncfs",
331                                 "sysinfo",
332                                 "syslog",
333                                 "tee",
334                                 "tgkill",
335                                 "time",
336                                 "timer_create",
337                                 "timer_delete",
338                                 "timerfd_create",
339                                 "timerfd_gettime",
340                                 "timerfd_settime",
341                                 "timer_getoverrun",
342                                 "timer_gettime",
343                                 "timer_settime",
344                                 "times",
345                                 "tkill",
346                                 "truncate",
347                                 "truncate64",
348                                 "ugetrlimit",
349                                 "umask",
350                                 "uname",
351                                 "unlink",
352                                 "unlinkat",
353                                 "utime",
354                                 "utimensat",
355                                 "utimes",
356                                 "vfork",
357                                 "vmsplice",
358                                 "wait4",
359                                 "waitid",
360                                 "waitpid",
361                                 "write",
362                                 "writev"
363                         ],
364                         "action": "SCMP_ACT_ALLOW",
365                         "args": [],
366                         "comment": "",
367                         "includes": {},
368                         "excludes": {}
369                 },
370                 {
371                         "names": [
372                                 "personality"
373                         ],
374                         "action": "SCMP_ACT_ALLOW",
375                         "args": [
376                                 {
377                                         "index": 0,
378                                         "value": 0,
379                                         "valueTwo": 0,
380                                         "op": "SCMP_CMP_EQ"
381                                 }
382                         ],
383                         "comment": "",
384                         "includes": {},
385                         "excludes": {}
386                 },
387                 {
388                         "names": [
389                                 "personality"
390                         ],
391                         "action": "SCMP_ACT_ALLOW",
392                         "args": [
393                                 {
394                                         "index": 0,
395                                         "value": 8,
396                                         "valueTwo": 0,
397                                         "op": "SCMP_CMP_EQ"
398                                 }
399                         ],
400                         "comment": "",
401                         "includes": {},
402                         "excludes": {}
403                 },
404                 {
405                         "names": [
406                                 "personality"
407                         ],
408                         "action": "SCMP_ACT_ALLOW",
409                         "args": [
410                                 {
411                                         "index": 0,
412                                         "value": 131072,
413                                         "valueTwo": 0,
414                                         "op": "SCMP_CMP_EQ"
415                                 }
416                         ],
417                         "comment": "",
418                         "includes": {},
419                         "excludes": {}
420                 },
421                 {
422                         "names": [
423                                 "personality"
424                         ],
425                         "action": "SCMP_ACT_ALLOW",
426                         "args": [
427                                 {
428                                         "index": 0,
429                                         "value": 131080,
430                                         "valueTwo": 0,
431                                         "op": "SCMP_CMP_EQ"
432                                 }
433                         ],
434                         "comment": "",
435                         "includes": {},
436                         "excludes": {}
437                 },
438                 {
439                         "names": [
440                                 "personality"
441                         ],
442                         "action": "SCMP_ACT_ALLOW",
443                         "args": [
444                                 {
445                                         "index": 0,
446                                         "value": 4294967295,
447                                         "valueTwo": 0,
448                                         "op": "SCMP_CMP_EQ"
449                                 }
450                         ],
451                         "comment": "",
452                         "includes": {},
453                         "excludes": {}
454                 },
455                 {
456                         "names": [
457                                 "sync_file_range2"
458                         ],
459                         "action": "SCMP_ACT_ALLOW",
460                         "args": [],
461                         "comment": "",
462                         "includes": {
463                                 "arches": [
464                                         "ppc64le"
465                                 ]
466                         },
467                         "excludes": {}
468                 },
469                 {
470                         "names": [
471                                 "arm_fadvise64_64",
472                                 "arm_sync_file_range",
473                                 "sync_file_range2",
474                                 "breakpoint",
475                                 "cacheflush",
476                                 "set_tls"
477                         ],
478                         "action": "SCMP_ACT_ALLOW",
479                         "args": [],
480                         "comment": "",
481                         "includes": {
482                                 "arches": [
483                                         "arm",
484                                         "arm64"
485                                 ]
486                         },
487                         "excludes": {}
488                 },
489                 {
490                         "names": [
491                                 "arch_prctl"
492                         ],
493                         "action": "SCMP_ACT_ALLOW",
494                         "args": [],
495                         "comment": "",
496                         "includes": {
497                                 "arches": [
498                                         "amd64",
499                                         "x32"
500                                 ]
501                         },
502                         "excludes": {}
503                 },
504                 {
505                         "names": [
506                                 "modify_ldt"
507                         ],
508                         "action": "SCMP_ACT_ALLOW",
509                         "args": [],
510                         "comment": "",
511                         "includes": {
512                                 "arches": [
513                                         "amd64",
514                                         "x32",
515                                         "x86"
516                                 ]
517                         },
518                         "excludes": {}
519                 },
520                 {
521                         "names": [
522                                 "s390_pci_mmio_read",
523                                 "s390_pci_mmio_write",
524                                 "s390_runtime_instr"
525                         ],
526                         "action": "SCMP_ACT_ALLOW",
527                         "args": [],
528                         "comment": "",
529                         "includes": {
530                                 "arches": [
531                                         "s390",
532                                         "s390x"
533                                 ]
534                         },
535                         "excludes": {}
536                 },
537                 {
538                         "names": [
539                                 "open_by_handle_at"
540                         ],
541                         "action": "SCMP_ACT_ALLOW",
542                         "args": [],
543                         "comment": "",
544                         "includes": {
545                                 "caps": [
546                                         "CAP_DAC_READ_SEARCH"
547                                 ]
548                         },
549                         "excludes": {}
550                 },
551                 {
552                         "names": [
553                                 "bpf",
554                                 "clone",
555                                 "fanotify_init",
556                                 "lookup_dcookie",
557                                 "mount",
558                                 "name_to_handle_at",
559                                 "perf_event_open",
560                                 "setdomainname",
561                                 "sethostname",
562                                 "setns",
563                                 "umount",
564                                 "umount2",
565                                 "unshare"
566                         ],
567                         "action": "SCMP_ACT_ALLOW",
568                         "args": [],
569                         "comment": "",
570                         "includes": {
571                                 "caps": [
572                                         "CAP_SYS_ADMIN"
573                                 ]
574                         },
575                         "excludes": {}
576                 },
577                 {
578                         "names": [
579                                 "clone"
580                         ],
581                         "action": "SCMP_ACT_ALLOW",
582                         "args": [
583                                 {
584                                         "index": 0,
585                                         "value": 2080505856,
586                                         "valueTwo": 0,
587                                         "op": "SCMP_CMP_MASKED_EQ"
588                                 }
589                         ],
590                         "comment": "",
591                         "includes": {},
592                         "excludes": {
593                                 "caps": [
594                                         "CAP_SYS_ADMIN"
595                                 ],
596                                 "arches": [
597                                         "s390",
598                                         "s390x"
599                                 ]
600                         }
601                 },
602                 {
603                         "names": [
604                                 "clone"
605                         ],
606                         "action": "SCMP_ACT_ALLOW",
607                         "args": [
608                                 {
609                                         "index": 1,
610                                         "value": 2080505856,
611                                         "valueTwo": 0,
612                                         "op": "SCMP_CMP_MASKED_EQ"
613                                 }
614                         ],
615                         "comment": "s390 parameter ordering for clone is different: the flags are argument 1 rather than argument 0",
616                         "includes": {
617                                 "arches": [
618                                         "s390",
619                                         "s390x"
620                                 ]
621                         },
622                         "excludes": {
623                                 "caps": [
624                                         "CAP_SYS_ADMIN"
625                                 ]
626                         }
627                 },
628                 {
629                         "names": [
630                                 "reboot"
631                         ],
632                         "action": "SCMP_ACT_ALLOW",
633                         "args": [],
634                         "comment": "",
635                         "includes": {
636                                 "caps": [
637                                         "CAP_SYS_BOOT"
638                                 ]
639                         },
640                         "excludes": {}
641                 },
642                 {
643                         "names": [
644                                 "chroot"
645                         ],
646                         "action": "SCMP_ACT_ALLOW",
647                         "args": [],
648                         "comment": "",
649                         "includes": {
650                                 "caps": [
651                                         "CAP_SYS_CHROOT"
652                                 ]
653                         },
654                         "excludes": {}
655                 },
656                 {
657                         "names": [
658                                 "delete_module",
659                                 "init_module",
660                                 "finit_module",
661                                 "query_module"
662                         ],
663                         "action": "SCMP_ACT_ALLOW",
664                         "args": [],
665                         "comment": "",
666                         "includes": {
667                                 "caps": [
668                                         "CAP_SYS_MODULE"
669                                 ]
670                         },
671                         "excludes": {}
672                 },
673                 {
674                         "names": [
675                                 "acct"
676                         ],
677                         "action": "SCMP_ACT_ALLOW",
678                         "args": [],
679                         "comment": "",
680                         "includes": {
681                                 "caps": [
682                                         "CAP_SYS_PACCT"
683                                 ]
684                         },
685                         "excludes": {}
686                 },
687                 {
688                         "names": [
689                                 "kcmp",
690                                 "process_vm_readv",
691                                 "process_vm_writev",
692                                 "ptrace"
693                         ],
694                         "action": "SCMP_ACT_ALLOW",
695                         "args": [],
696                         "comment": "",
697                         "includes": {
698                                 "caps": [
699                                         "CAP_SYS_PTRACE"
700                                 ]
701                         },
702                         "excludes": {}
703                 },
704                 {
705                         "names": [
706                                 "iopl",
707                                 "ioperm"
708                         ],
709                         "action": "SCMP_ACT_ALLOW",
710                         "args": [],
711                         "comment": "",
712                         "includes": {
713                                 "caps": [
714                                         "CAP_SYS_RAWIO"
715                                 ]
716                         },
717                         "excludes": {}
718                 },
719                 {
720                         "names": [
721                                 "settimeofday",
722                                 "stime",
723                                 "clock_settime"
724                         ],
725                         "action": "SCMP_ACT_ALLOW",
726                         "args": [],
727                         "comment": "",
728                         "includes": {
729                                 "caps": [
730                                         "CAP_SYS_TIME"
731                                 ]
732                         },
733                         "excludes": {}
734                 },
735                 {
736                         "names": [
737                                 "vhangup"
738                         ],
739                         "action": "SCMP_ACT_ALLOW",
740                         "args": [],
741                         "comment": "",
742                         "includes": {
743                                 "caps": [
744                                         "CAP_SYS_TTY_CONFIG"
745                                 ]
746                         },
747                         "excludes": {}
748                 }
749         ]
750 }