#*******************************************************************************
#  Copyright (c) 2020 The Linux Foundation. All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are
#  met:
#      * Redistributions of source code must retain the above copyright
#        notice, this list of conditions and the following disclaimer.
#      * Redistributions in binary form must reproduce the above
#        copyright notice, this list of conditions and the following
#        disclaimer in the documentation and/or other materials provided
#        with the distribution.
#      * Neither the name of The Linux Foundation, nor the names of its
#        contributors may be used to endorse or promote products derived
#        from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
#  ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
#  BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
#  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
#  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
#  IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#******************************************************************************

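# Seccomp syscall allow-list in "name: filter" form (this looks like minijail
# policy syntax -- confirm against the loader that consumes the file).
# A filter of "1" allows the syscall with any arguments; any other filter is a
# boolean expression over the syscall arguments (arg0, arg1, ...).
# Syscalls that are not listed here are not allowed by this policy.

# --- Process, file and memory syscalls ---------------------------------------
clone: 1
close: 1
execve: 1
exit_group: 1
exit: 1
faccessat: 1
fcntl: 1
fstat: 1
fstatfs: 1
futex: 1
getpid: 1
getuid: 1
getgid: 1
getegid: 1
getgroups: 1
geteuid: 1
umask: 1
getrandom: 1
# W^X: the call is allowed only if the protection argument (arg2) lacks
# PROT_EXEC or lacks PROT_WRITE, so a request for memory that is writable and
# executable at the same time is refused.
mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
mremap: 1
munmap: 1
newfstatat: 1
openat: 1
# NOTE(review): prctl is allowed for every option because the arg0 allow-list
# below is commented out. Re-enable an allow-list once the options this service
# needs are confirmed. 0x37 is probably PR_SET_TAGGED_ADDR_CTRL (55) -- verify
# against the target kernel's <linux/prctl.h> before naming it.
#prctl: arg0 == PR_SET_VMA || arg0 == PR_SET_NO_NEW_PRIVS || arg0 == PR_GET_DUMPABLE || arg0 == PR_SET_SECCOMP || arg0 == 0x37 /* PR_??? */
prctl: 1
pread64: 1
read: 1
pwrite64: 1
write: 1
writev: 1
readlinkat: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getscheduler: 1
set_tid_address: 1
sigaltstack: 1
unlinkat: 1
lseek: 1
# NOTE(review): ioctl is allowed for every request code, so any driver ioctl
# reachable through a file descriptor the process holds passes the filter.
# The disabled rule below is incomplete (unbalanced "_IOC(" terms) and cannot
# be re-enabled as written; replace it with an explicit list of the request
# codes the service actually issues.
##ioctl: arg1 == _IOC(_IOC_NONE || arg1 == _IOC(_IOC_READ || arg1 == VSOC_MAYBE_SEND_INTERRUPT_TO_HOST
ioctl: 1
clock_gettime: 1


# --- Socket and IPC syscalls --------------------------------------------------
# Only the address family (arg0) is restricted; socket type (arg1) and
# protocol (arg2) are not checked.
socket: arg0 == AF_INET6 || arg0 == AF_UNIX || arg0 == AF_QIPCRTR
# connect is listed once, here. A second "connect: 1" entry in the same file
# is redundant, and policy compilers may warn about or reject a redefined
# syscall (presumably minijail does -- confirm for the version in use).
connect: 1
setsockopt: 1
getsockname: 1
socketpair: 1
ppoll: 1
pselect6: 1
accept4: 1
listen: 1
bind: 1
pipe2: 1

recvmsg: 1
sendmsg: 1

sendto: 1
recvfrom: 1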