# Minijail Seccomp Policy for isolated_app processes on X86-64.
#
# Rule forms used in this file:
#   <syscall>: 1                        allow the call, no argument checks
#   <syscall>: return EPERM             refuse the call; the caller sees EPERM
#   <syscall>: <filter>; return EPERM   allow when the argument filter matches,
#                                       otherwise the caller sees EPERM
#   <syscall>: <filter>                 allow when the filter matches; a mismatch
#                                       gets the policy's default action
#
# NOTE(review): "return EPERM" is a soft denial. The process keeps running and
# nothing in this file records the refused call, so any alerting on blocked
# syscalls has to come from seccomp/audit logging configured elsewhere.
# NOTE(review): only the syscalls listed here are covered by this file. How
# unlisted syscalls are handled (for example clone, vfork, execve, openat)
# depends on any other policy merged with this one and on minijail's default
# action -- confirm against the full policy set.

access: return EPERM

# arch_prctl: arg0 == ARCH_SET_GS
# Every other arch_prctl code is refused with EPERM.
arch_prctl: arg0 == 0x1001; return EPERM

chmod: return EPERM
chown: return EPERM
# creat is refused, but open below is unfiltered, so this line alone does not
# stop file creation through open(O_CREAT).
creat: return EPERM
dup2: 1
epoll_create: 1
epoll_wait: 1
# NOTE(review): fork is refused here; clone and vfork are not listed in this
# file -- verify they are restricted wherever they are defined.
fork: return EPERM
fstatfs: 1
futimesat: return EPERM
getdents64: 1
getdents: return EPERM
getrlimit: 1
# Port I/O privilege changes are refused.
ioperm: return EPERM
iopl: return EPERM
lchown: return EPERM
link: return EPERM
lstat: return EPERM
mkdir: return EPERM
mknod: return EPERM

# mmap: flags in {MAP_SHARED|MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK|MAP_NORESERVE|MAP_FIXED|MAP_DENYWRITE}
# 0x24833 = 0x1 | 0x2 | 0x20 | 0x20000 | 0x4000 | 0x10 | 0x800, in the order
# named above. "in" requires the set bits of arg3 to be a subset of that mask.
# Only arg3 (flags) is checked: prot (arg2) is unconstrained, so this rule does
# not limit PROT_EXEC mappings. There is no "; return" clause, so a flag
# outside the mask falls to the default action (presumably kill -- confirm).
mmap: arg3 in 0x24833

# stat and lstat are refused in this file, but newfstatat is allowed, so file
# metadata stays reachable through it.
newfstatat: 1
# open has no flag or path filter. This policy therefore gives no path-level
# confinement; presumably that comes from file permissions and MAC policy
# applied to isolated_app -- confirm.
open: 1
pause: 1
pipe: 1
poll: 1
readlink: return EPERM
rename: return EPERM
rmdir: return EPERM
select: 1
stat: return EPERM
symlink: return EPERM
time: 1
unlink: return EPERM
uselib: return EPERM
ustat: return EPERM
utime: return EPERM
utimes: return EPERM