Add seccomp feature

add a seccomp feature that does not use third-party libraries
add multi-arch support
add test cases
all code is written in Go

this PR is related to #511: I closed that one and found it cannot be reopened

Signed-off-by: Yang Shukui <yangshukui@huawei.com>
This commit is contained in:
yangshukui 2015-04-16 08:39:12 +08:00 committed by Michael Crosby
parent ce1f2f1c86
commit 02e05e0884
10 changed files with 1949 additions and 0 deletions


@ -61,6 +61,9 @@ type Config struct {
// All capbilities not specified will be dropped from the processes capability mask
Capabilities []string `json:"capabilities"`
// SysCalls specify the system calls to keep when executing the process inside the container
SysCalls []string `json:"syscalls"`
// Networks specifies the container's network setup to be created
Networks []*Network `json:"networks"`
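Review bot: The new comment above `SysCalls []string` does not say what an empty list means or what form the names take, and both matter to whoever writes a config. From finalizeSeccomp in this same commit, an empty list leaves every call in seccomp.SyscallMap allowed, and each name is looked up as an exact upper-case key of that map, so a lower-case or misspelled entry is dropped rather than rejected. I would expand the comment to: `// SysCalls lists the system calls the process may make, as upper-case names matching the keys of seccomp.SyscallMap (for example "STAT"); names are matched exactly. An empty list leaves every supported call allowed.` The Config struct continues outside the hunk.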


@ -13,6 +13,7 @@ import (
"github.com/docker/libcontainer/cgroups"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/netlink"
"github.com/docker/libcontainer/seccomp"
"github.com/docker/libcontainer/system"
"github.com/docker/libcontainer/user"
"github.com/docker/libcontainer/utils"
@ -259,3 +260,17 @@ func killCgroupProcesses(m cgroups.Manager) error {
}
return nil
}
func finalizeSeccomp(config *initConfig) error {
scmpCtx, _ := seccomp.ScmpInit(seccomp.ScmpActAllow)
if 0 == len(config.Config.SysCalls) {
for key := range seccomp.SyscallMap {
seccomp.ScmpAdd(scmpCtx, key, seccomp.ScmpActAllow)
}
} else {
for _, call := range config.Config.SysCalls {
seccomp.ScmpAdd(scmpCtx, call, seccomp.ScmpActAllow)
}
}
return seccomp.ScmpLoad(scmpCtx)
}
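Review bot: The return value of `seccomp.ScmpAdd` is discarded in both loops of finalizeSeccomp, so a misspelled or unsupported name in `config.Config.SysCalls` is silently dropped and that call is then blocked at runtime instead of the configuration being rejected at container start; the error from `seccomp.ScmpInit` is discarded the same way. The user-supplied loop should propagate it: `if err := seccomp.ScmpAdd(scmpCtx, call, seccomp.ScmpActAllow); err != nil {` / `return err` / `}`. Whether finalizeSeccomp is also called when no SysCalls are configured is not visible in this hunk; if it is, every container gets PR_SET_NO_NEW_PRIVS and a filter installed unconditionally, which the commit message should state.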


@ -2,6 +2,7 @@ package integration
import (
"bytes"
"fmt"
"io/ioutil"
"os"
"path/filepath"
@ -13,6 +14,7 @@ import (
"github.com/docker/libcontainer"
"github.com/docker/libcontainer/cgroups/systemd"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/seccomp"
)
func TestExecPS(t *testing.T) {
@ -714,3 +716,66 @@ func TestSystemProperties(t *testing.T) {
t.Fatalf("kernel.shmmni property expected to be 8192, but is %s", shmmniOutput)
}
}
func allExcept(calls []string) []string {
num := len(seccomp.SyscallMap) - len(calls)
filter := make([]string, num)
i := 0
for key := range seccomp.SyscallMap {
j := 0
for _, key1 := range calls {
if strings.EqualFold(key, key1) {
break
}
j++
}
if j == len(calls) {
filter[i] = key
i++
}
}
return filter
}
func TestSeccompNotStat(t *testing.T) {
if testing.Short() {
return
}
rootfs, err := newRootfs()
if err != nil {
t.Fatal(err)
}
defer remove(rootfs)
config := newTemplateConfig(rootfs)
exceptCall := []string{"STAT"}
config.SysCalls = allExcept(exceptCall)
out, _, err := runContainer(config, "", "/bin/sh", "-c", "ls / -l")
if err == nil {
t.Fatal("runContainer should be failed")
} else {
fmt.Println(out)
}
}
func TestSeccompStat(t *testing.T) {
if testing.Short() {
return
}
rootfs, err := newRootfs()
if err != nil {
t.Fatal(err)
}
defer remove(rootfs)
config := newTemplateConfig(rootfs)
exceptCall := []string{}
config.SysCalls = allExcept(exceptCall)
out, _, err := runContainer(config, "", "/bin/sh", "-c", "ls / -l")
if err != nil {
t.Fatal(err)
}
fmt.Println(out)
}
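Review bot: allExcept compares names with `strings.EqualFold`, but ScmpAdd looks a name up as an exact key of seccomp.SyscallMap, so the case-insensitive exclusion in the test does not mirror what the filter does and a lower-case entry in `calls` would be excluded here yet never accepted by the filter. TestSeccompNotStat also assumes that `ls / -l` issues the `STAT` call specifically; which stat-family call a given libc uses (FSTAT, LSTAT, FSTATAT64/NEWFSTATAT and the 64-bit variants are all separate map entries) is not fixed, so the assertion may pass or fail depending on the rootfs, and a comment stating that assumption or excluding the whole stat family would make the intent clear. Style: the `else { fmt.Println(out) }` after `t.Fatal` can be flattened, since Fatal does not return. `strings` is used but does not appear among the added imports; presumably it was already imported by this file.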

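--- a/seccomp/seccomp.go
+++ b/seccomp/seccomp.go
@@ -0,0 +1,133 @@
+package seccomp
+import (
+"errors"
+"fmt"
+"syscall"
+"unsafe"
+)
+type sockFilter struct {
+code uint16
+jt uint8
+jf uint8
+k uint32
+}
+type sockFprog struct {
+len uint16
+filt []sockFilter
+}
+type Action struct {
+syscall uint32
+action int
+args []string
+}
+type ScmpCtx struct {
+CallMap map[string]Action
+act int
+}
+var ScmpActAllow = 0
+func ScmpInit(action int) (*ScmpCtx, error) {
+ctx := ScmpCtx{
+CallMap: make(map[string]Action),
+act: action,
+}
+return &ctx, nil
+}
+func ScmpAdd(ctx *ScmpCtx, call string, action int, args ...string) error {
+_, exists := ctx.CallMap[call]
+if exists {
+return errors.New("syscall exist")
+}
+//fmt.Printf("%s\n", call)
+sysCall, sysExists := SyscallMap[call]
+if sysExists {
+ctx.CallMap[call] = Action{sysCall, action, args}
+return nil
+}
+return errors.New("syscall not surport")
+}
+func ScmpDel(ctx *ScmpCtx, call string) error {
+_, exists := ctx.CallMap[call]
+if exists {
+delete(ctx.CallMap, call)
+return nil
+}
+return errors.New("syscall not exist")
+}
+func ScmpBpfStmt(code uint16, k uint32) sockFilter {
+return sockFilter{code, 0, 0, k}
+}
+func ScmpBpfJump(code uint16, k uint32, jt, jf uint8) sockFilter {
+return sockFilter{code, jt, jf, k}
+}
+func prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
+_, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
+if e1 != 0 {
+err = e1
+}
+return nil
+}
+func scmpfilter(prog *sockFprog) (err error) {
+_, _, e1 := syscall.Syscall(syscall.SYS_PRCTL, uintptr(syscall.PR_SET_SECCOMP),
+uintptr(SECCOMP_MODE_FILTER), uintptr(unsafe.Pointer(prog)))
+if e1 != 0 {
+err = e1
+}
+return nil
+}
+func ScmpLoad(ctx *ScmpCtx) error {
+for key := range SyscallMapMin {
+ScmpAdd(ctx, key, ScmpActAllow)
+}
+num := len(ctx.CallMap)
+filter := make([]sockFilter, num*2+3)
+i := 0
+filter[i] = ScmpBpfStmt(syscall.BPF_LD+syscall.BPF_W+syscall.BPF_ABS, 0)
+i++
+for _, value := range ctx.CallMap {
+filter[i] = ScmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, value.syscall, 0, 1)
+i++
+filter[i] = ScmpBpfStmt(syscall.BPF_RET+syscall.BPF_K, SECCOMP_RET_ALLOW)
+i++
+}
+filter[i] = ScmpBpfStmt(syscall.BPF_RET+syscall.BPF_K, SECCOMP_RET_TRAP)
+i++
+filter[i] = ScmpBpfStmt(syscall.BPF_RET+syscall.BPF_K, SECCOMP_RET_KILL)
+i++
+prog := sockFprog{
+len: uint16(i),
+filt: filter,
+}
+if nil != prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) {
+fmt.Println("prctl PR_SET_NO_NEW_PRIVS error")
+return errors.New("prctl PR_SET_NO_NEW_PRIVS error")
+}
+if nil != scmpfilter(&prog) {
+fmt.Println("scmpfilter error")
+return errors.New("scmpfilter error")
+}
+return nil
+}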
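Review bot: `prctl` and `scmpfilter` assign the errno to `err` and then `return nil`, so both always report success and the two checks in ScmpLoad can never fire; a failed PR_SET_NO_NEW_PRIVS or PR_SET_SECCOMP leaves the process running with no filter while the caller believes one was loaded, and both functions should end with `return err`. The filter program loads only offset 0 of seccomp_data (the syscall number) and never checks the `arch` field, so the number-to-name mapping the allowlist relies on is not pinned to the ABI the table was built for; the usual prologue loads the arch field and returns SECCOMP_RET_KILL unless it equals the build's AUDIT_ARCH value. The trailing `SECCOMP_RET_KILL` statement is unreachable because the unconditional `SECCOMP_RET_TRAP` before it already returns, so the effective default is TRAP rather than KILL, and the `action` recorded in each Action is never consulted when the filter is emitted; both deserve either a fix or a comment saying they are intended. `sockFprog.filt` is a Go slice where the kernel's sock_fprog expects a pointer to the first sock_filter, which appears to work only because the slice header's data pointer sits at the same offset; `filt *sockFilter` set to `&filter[0]` would make the layout explicit.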


@ -0,0 +1,364 @@
// +build linux
// +build 386
package seccomp
import (
"syscall"
)
const (
SECCOMP_RET_KILL = 0x00000000
SECCOMP_RET_TRAP = 0x00030000
SECCOMP_RET_ALLOW = 0x7fff0000
SECCOMP_MODE_FILTER = 0x2
PR_SET_NO_NEW_PRIVS = 0x26
)
var SyscallMap = map[string]uint32{
"RESTART_SYSCALL": syscall.SYS_RESTART_SYSCALL,
"EXIT": syscall.SYS_EXIT,
"FORK": syscall.SYS_FORK,
"READ": syscall.SYS_READ,
"WRITE": syscall.SYS_WRITE,
"OPEN": syscall.SYS_OPEN,
"CLOSE": syscall.SYS_CLOSE,
"WAITPID": syscall.SYS_WAITPID,
"CREAT": syscall.SYS_CREAT,
"LINK": syscall.SYS_LINK,
"UNLINK": syscall.SYS_UNLINK,
"EXECVE": syscall.SYS_EXECVE,
"CHDIR": syscall.SYS_CHDIR,
"TIME": syscall.SYS_TIME,
"MKNOD": syscall.SYS_MKNOD,
"CHMOD": syscall.SYS_CHMOD,
"LCHOWN": syscall.SYS_LCHOWN,
"BREAK": syscall.SYS_BREAK,
"OLDSTAT": syscall.SYS_OLDSTAT,
"LSEEK": syscall.SYS_LSEEK,
"GETPID": syscall.SYS_GETPID,
"MOUNT": syscall.SYS_MOUNT,
"UMOUNT": syscall.SYS_UMOUNT,
"SETUID": syscall.SYS_SETUID,
"GETUID": syscall.SYS_GETUID,
"STIME": syscall.SYS_STIME,
"PTRACE": syscall.SYS_PTRACE,
"ALARM": syscall.SYS_ALARM,
"OLDFSTAT": syscall.SYS_OLDFSTAT,
"PAUSE": syscall.SYS_PAUSE,
"UTIME": syscall.SYS_UTIME,
"STTY": syscall.SYS_STTY,
"GTTY": syscall.SYS_GTTY,
"ACCESS": syscall.SYS_ACCESS,
"NICE": syscall.SYS_NICE,
"FTIME": syscall.SYS_FTIME,
"SYNC": syscall.SYS_SYNC,
"KILL": syscall.SYS_KILL,
"RENAME": syscall.SYS_RENAME,
"MKDIR": syscall.SYS_MKDIR,
"RMDIR": syscall.SYS_RMDIR,
"DUP": syscall.SYS_DUP,
"PIPE": syscall.SYS_PIPE,
"TIMES": syscall.SYS_TIMES,
"PROF": syscall.SYS_PROF,
"BRK": syscall.SYS_BRK,
"SETGID": syscall.SYS_SETGID,
"GETGID": syscall.SYS_GETGID,
"SIGNAL": syscall.SYS_SIGNAL,
"GETEUID": syscall.SYS_GETEUID,
"GETEGID": syscall.SYS_GETEGID,
"ACCT": syscall.SYS_ACCT,
"UMOUNT2": syscall.SYS_UMOUNT2,
"LOCK": syscall.SYS_LOCK,
"IOCTL": syscall.SYS_IOCTL,
"FCNTL": syscall.SYS_FCNTL,
"MPX": syscall.SYS_MPX,
"SETPGID": syscall.SYS_SETPGID,
"ULIMIT": syscall.SYS_ULIMIT,
"OLDOLDUNAME": syscall.SYS_OLDOLDUNAME,
"UMASK": syscall.SYS_UMASK,
"CHROOT": syscall.SYS_CHROOT,
"USTAT": syscall.SYS_USTAT,
"DUP2": syscall.SYS_DUP2,
"GETPPID": syscall.SYS_GETPPID,
"GETPGRP": syscall.SYS_GETPGRP,
"SETSID": syscall.SYS_SETSID,
"SIGACTION": syscall.SYS_SIGACTION,
"SGETMASK": syscall.SYS_SGETMASK,
"SSETMASK": syscall.SYS_SSETMASK,
"SETREUID": syscall.SYS_SETREUID,
"SETREGID": syscall.SYS_SETREGID,
"SIGSUSPEND": syscall.SYS_SIGSUSPEND,
"SIGPENDING": syscall.SYS_SIGPENDING,
"SETHOSTNAME": syscall.SYS_SETHOSTNAME,
"SETRLIMIT": syscall.SYS_SETRLIMIT,
"GETRLIMIT": syscall.SYS_GETRLIMIT,
"GETRUSAGE": syscall.SYS_GETRUSAGE,
"GETTIMEOFDAY": syscall.SYS_GETTIMEOFDAY,
"SETTIMEOFDAY": syscall.SYS_SETTIMEOFDAY,
"GETGROUPS": syscall.SYS_GETGROUPS,
"SETGROUPS": syscall.SYS_SETGROUPS,
"SELECT": syscall.SYS_SELECT,
"SYMLINK": syscall.SYS_SYMLINK,
"OLDLSTAT": syscall.SYS_OLDLSTAT,
"READLINK": syscall.SYS_READLINK,
"USELIB": syscall.SYS_USELIB,
"SWAPON": syscall.SYS_SWAPON,
"REBOOT": syscall.SYS_REBOOT,
"READDIR": syscall.SYS_READDIR,
"MMAP": syscall.SYS_MMAP,
"MUNMAP": syscall.SYS_MUNMAP,
"TRUNCATE": syscall.SYS_TRUNCATE,
"FTRUNCATE": syscall.SYS_FTRUNCATE,
"FCHMOD": syscall.SYS_FCHMOD,
"FCHOWN": syscall.SYS_FCHOWN,
"GETPRIORITY": syscall.SYS_GETPRIORITY,
"SETPRIORITY": syscall.SYS_SETPRIORITY,
"PROFIL": syscall.SYS_PROFIL,
"STATFS": syscall.SYS_STATFS,
"FSTATFS": syscall.SYS_FSTATFS,
"IOPERM": syscall.SYS_IOPERM,
"SOCKETCALL": syscall.SYS_SOCKETCALL,
"SYSLOG": syscall.SYS_SYSLOG,
"SETITIMER": syscall.SYS_SETITIMER,
"GETITIMER": syscall.SYS_GETITIMER,
"STAT": syscall.SYS_STAT,
"LSTAT": syscall.SYS_LSTAT,
"FSTAT": syscall.SYS_FSTAT,
"OLDUNAME": syscall.SYS_OLDUNAME,
"IOPL": syscall.SYS_IOPL,
"VHANGUP": syscall.SYS_VHANGUP,
"IDLE": syscall.SYS_IDLE,
"VM86OLD": syscall.SYS_VM86OLD,
"WAIT4": syscall.SYS_WAIT4,
"SWAPOFF": syscall.SYS_SWAPOFF,
"SYSINFO": syscall.SYS_SYSINFO,
"IPC": syscall.SYS_IPC,
"FSYNC": syscall.SYS_FSYNC,
"SIGRETURN": syscall.SYS_SIGRETURN,
"CLONE": syscall.SYS_CLONE,
"SETDOMAINNAME": syscall.SYS_SETDOMAINNAME,
"UNAME": syscall.SYS_UNAME,
"MODIFY_LDT": syscall.SYS_MODIFY_LDT,
"ADJTIMEX": syscall.SYS_ADJTIMEX,
"MPROTECT": syscall.SYS_MPROTECT,
"SIGPROCMASK": syscall.SYS_SIGPROCMASK,
"CREATE_MODULE": syscall.SYS_CREATE_MODULE,
"INIT_MODULE": syscall.SYS_INIT_MODULE,
"DELETE_MODULE": syscall.SYS_DELETE_MODULE,
"GET_KERNEL_SYMS": syscall.SYS_GET_KERNEL_SYMS,
"QUOTACTL": syscall.SYS_QUOTACTL,
"GETPGID": syscall.SYS_GETPGID,
"FCHDIR": syscall.SYS_FCHDIR,
"BDFLUSH": syscall.SYS_BDFLUSH,
"SYSFS": syscall.SYS_SYSFS,
"PERSONALITY": syscall.SYS_PERSONALITY,
"AFS_SYSCALL": syscall.SYS_AFS_SYSCALL,
"SETFSUID": syscall.SYS_SETFSUID,
"SETFSGID": syscall.SYS_SETFSGID,
"_LLSEEK": syscall.SYS__LLSEEK,
"GETDENTS": syscall.SYS_GETDENTS,
"_NEWSELECT": syscall.SYS__NEWSELECT,
"FLOCK": syscall.SYS_FLOCK,
"MSYNC": syscall.SYS_MSYNC,
"READV": syscall.SYS_READV,
"WRITEV": syscall.SYS_WRITEV,
"GETSID": syscall.SYS_GETSID,
"FDATASYNC": syscall.SYS_FDATASYNC,
"_SYSCTL": syscall.SYS__SYSCTL,
"MLOCK": syscall.SYS_MLOCK,
"MUNLOCK": syscall.SYS_MUNLOCK,
"MLOCKALL": syscall.SYS_MLOCKALL,
"MUNLOCKALL": syscall.SYS_MUNLOCKALL,
"SCHED_SETPARAM": syscall.SYS_SCHED_SETPARAM,
"SCHED_GETPARAM": syscall.SYS_SCHED_GETPARAM,
"SCHED_SETSCHEDULER": syscall.SYS_SCHED_SETSCHEDULER,
"SCHED_GETSCHEDULER": syscall.SYS_SCHED_GETSCHEDULER,
"SCHED_YIELD": syscall.SYS_SCHED_YIELD,
"SCHED_GET_PRIORITY_MAX": syscall.SYS_SCHED_GET_PRIORITY_MAX,
"SCHED_GET_PRIORITY_MIN": syscall.SYS_SCHED_GET_PRIORITY_MIN,
"SCHED_RR_GET_INTERVAL": syscall.SYS_SCHED_RR_GET_INTERVAL,
"NANOSLEEP": syscall.SYS_NANOSLEEP,
"MREMAP": syscall.SYS_MREMAP,
"SETRESUID": syscall.SYS_SETRESUID,
"GETRESUID": syscall.SYS_GETRESUID,
"VM86": syscall.SYS_VM86,
"QUERY_MODULE": syscall.SYS_QUERY_MODULE,
"POLL": syscall.SYS_POLL,
"NFSSERVCTL": syscall.SYS_NFSSERVCTL,
"SETRESGID": syscall.SYS_SETRESGID,
"GETRESGID": syscall.SYS_GETRESGID,
"PRCTL": syscall.SYS_PRCTL,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"RT_SIGACTION": syscall.SYS_RT_SIGACTION,
"RT_SIGPROCMASK": syscall.SYS_RT_SIGPROCMASK,
"RT_SIGPENDING": syscall.SYS_RT_SIGPENDING,
"RT_SIGTIMEDWAIT": syscall.SYS_RT_SIGTIMEDWAIT,
"RT_SIGQUEUEINFO": syscall.SYS_RT_SIGQUEUEINFO,
"RT_SIGSUSPEND": syscall.SYS_RT_SIGSUSPEND,
"PREAD64": syscall.SYS_PREAD64,
"PWRITE64": syscall.SYS_PWRITE64,
"CHOWN": syscall.SYS_CHOWN,
"GETCWD": syscall.SYS_GETCWD,
"CAPGET": syscall.SYS_CAPGET,
"CAPSET": syscall.SYS_CAPSET,
"SIGALTSTACK": syscall.SYS_SIGALTSTACK,
"SENDFILE": syscall.SYS_SENDFILE,
"GETPMSG": syscall.SYS_GETPMSG,
"PUTPMSG": syscall.SYS_PUTPMSG,
"VFORK": syscall.SYS_VFORK,
"UGETRLIMIT": syscall.SYS_UGETRLIMIT,
"MMAP2": syscall.SYS_MMAP2,
"TRUNCATE64": syscall.SYS_TRUNCATE64,
"FTRUNCATE64": syscall.SYS_FTRUNCATE64,
"STAT64": syscall.SYS_STAT64,
"LSTAT64": syscall.SYS_LSTAT64,
"FSTAT64": syscall.SYS_FSTAT64,
"LCHOWN32": syscall.SYS_LCHOWN32,
"GETUID32": syscall.SYS_GETUID32,
"GETGID32": syscall.SYS_GETGID32,
"GETEUID32": syscall.SYS_GETEUID32,
"GETEGID32": syscall.SYS_GETEGID32,
"SETREUID32": syscall.SYS_SETREUID32,
"SETREGID32": syscall.SYS_SETREGID32,
"GETGROUPS32": syscall.SYS_GETGROUPS32,
"SETGROUPS32": syscall.SYS_SETGROUPS32,
"FCHOWN32": syscall.SYS_FCHOWN32,
"SETRESUID32": syscall.SYS_SETRESUID32,
"GETRESUID32": syscall.SYS_GETRESUID32,
"SETRESGID32": syscall.SYS_SETRESGID32,
"GETRESGID32": syscall.SYS_GETRESGID32,
"CHOWN32": syscall.SYS_CHOWN32,
"SETUID32": syscall.SYS_SETUID32,
"SETGID32": syscall.SYS_SETGID32,
"SETFSUID32": syscall.SYS_SETFSUID32,
"SETFSGID32": syscall.SYS_SETFSGID32,
"PIVOT_ROOT": syscall.SYS_PIVOT_ROOT,
"MINCORE": syscall.SYS_MINCORE,
"MADVISE": syscall.SYS_MADVISE,
"MADVISE1": syscall.SYS_MADVISE1,
"GETDENTS64": syscall.SYS_GETDENTS64,
"FCNTL64": syscall.SYS_FCNTL64,
"GETTID": syscall.SYS_GETTID,
"READAHEAD": syscall.SYS_READAHEAD,
"SETXATTR": syscall.SYS_SETXATTR,
"LSETXATTR": syscall.SYS_LSETXATTR,
"FSETXATTR": syscall.SYS_FSETXATTR,
"GETXATTR": syscall.SYS_GETXATTR,
"LGETXATTR": syscall.SYS_LGETXATTR,
"FGETXATTR": syscall.SYS_FGETXATTR,
"LISTXATTR": syscall.SYS_LISTXATTR,
"LLISTXATTR": syscall.SYS_LLISTXATTR,
"FLISTXATTR": syscall.SYS_FLISTXATTR,
"REMOVEXATTR": syscall.SYS_REMOVEXATTR,
"LREMOVEXATTR": syscall.SYS_LREMOVEXATTR,
"FREMOVEXATTR": syscall.SYS_FREMOVEXATTR,
"TKILL": syscall.SYS_TKILL,
"SENDFILE64": syscall.SYS_SENDFILE64,
"FUTEX": syscall.SYS_FUTEX,
"SCHED_SETAFFINITY": syscall.SYS_SCHED_SETAFFINITY,
"SCHED_GETAFFINITY": syscall.SYS_SCHED_GETAFFINITY,
"SET_THREAD_AREA": syscall.SYS_SET_THREAD_AREA,
"GET_THREAD_AREA": syscall.SYS_GET_THREAD_AREA,
"IO_SETUP": syscall.SYS_IO_SETUP,
"IO_DESTROY": syscall.SYS_IO_DESTROY,
"IO_GETEVENTS": syscall.SYS_IO_GETEVENTS,
"IO_SUBMIT": syscall.SYS_IO_SUBMIT,
"IO_CANCEL": syscall.SYS_IO_CANCEL,
"FADVISE64": syscall.SYS_FADVISE64,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"LOOKUP_DCOOKIE": syscall.SYS_LOOKUP_DCOOKIE,
"EPOLL_CREATE": syscall.SYS_EPOLL_CREATE,
"EPOLL_CTL": syscall.SYS_EPOLL_CTL,
"EPOLL_WAIT": syscall.SYS_EPOLL_WAIT,
"REMAP_FILE_PAGES": syscall.SYS_REMAP_FILE_PAGES,
"SET_TID_ADDRESS": syscall.SYS_SET_TID_ADDRESS,
"TIMER_CREATE": syscall.SYS_TIMER_CREATE,
"TIMER_SETTIME": syscall.SYS_TIMER_SETTIME,
"TIMER_GETTIME": syscall.SYS_TIMER_GETTIME,
"TIMER_GETOVERRUN": syscall.SYS_TIMER_GETOVERRUN,
"TIMER_DELETE": syscall.SYS_TIMER_DELETE,
"CLOCK_SETTIME": syscall.SYS_CLOCK_SETTIME,
"CLOCK_GETTIME": syscall.SYS_CLOCK_GETTIME,
"CLOCK_GETRES": syscall.SYS_CLOCK_GETRES,
"CLOCK_NANOSLEEP": syscall.SYS_CLOCK_NANOSLEEP,
"STATFS64": syscall.SYS_STATFS64,
"FSTATFS64": syscall.SYS_FSTATFS64,
"TGKILL": syscall.SYS_TGKILL,
"UTIMES": syscall.SYS_UTIMES,
"FADVISE64_64": syscall.SYS_FADVISE64_64,
"VSERVER": syscall.SYS_VSERVER,
"MBIND": syscall.SYS_MBIND,
"GET_MEMPOLICY": syscall.SYS_GET_MEMPOLICY,
"SET_MEMPOLICY": syscall.SYS_SET_MEMPOLICY,
"MQ_OPEN": syscall.SYS_MQ_OPEN,
"MQ_UNLINK": syscall.SYS_MQ_UNLINK,
"MQ_TIMEDSEND": syscall.SYS_MQ_TIMEDSEND,
"MQ_TIMEDRECEIVE": syscall.SYS_MQ_TIMEDRECEIVE,
"MQ_NOTIFY": syscall.SYS_MQ_NOTIFY,
"MQ_GETSETATTR": syscall.SYS_MQ_GETSETATTR,
"KEXEC_LOAD": syscall.SYS_KEXEC_LOAD,
"WAITID": syscall.SYS_WAITID,
"ADD_KEY": syscall.SYS_ADD_KEY,
"REQUEST_KEY": syscall.SYS_REQUEST_KEY,
"KEYCTL": syscall.SYS_KEYCTL,
"IOPRIO_SET": syscall.SYS_IOPRIO_SET,
"IOPRIO_GET": syscall.SYS_IOPRIO_GET,
"INOTIFY_INIT": syscall.SYS_INOTIFY_INIT,
"INOTIFY_ADD_WATCH": syscall.SYS_INOTIFY_ADD_WATCH,
"INOTIFY_RM_WATCH": syscall.SYS_INOTIFY_RM_WATCH,
"MIGRATE_PAGES": syscall.SYS_MIGRATE_PAGES,
"OPENAT": syscall.SYS_OPENAT,
"MKDIRAT": syscall.SYS_MKDIRAT,
"MKNODAT": syscall.SYS_MKNODAT,
"FCHOWNAT": syscall.SYS_FCHOWNAT,
"FUTIMESAT": syscall.SYS_FUTIMESAT,
"FSTATAT64": syscall.SYS_FSTATAT64,
"UNLINKAT": syscall.SYS_UNLINKAT,
"RENAMEAT": syscall.SYS_RENAMEAT,
"LINKAT": syscall.SYS_LINKAT,
"SYMLINKAT": syscall.SYS_SYMLINKAT,
"READLINKAT": syscall.SYS_READLINKAT,
"FCHMODAT": syscall.SYS_FCHMODAT,
"FACCESSAT": syscall.SYS_FACCESSAT,
"PSELECT6": syscall.SYS_PSELECT6,
"PPOLL": syscall.SYS_PPOLL,
"UNSHARE": syscall.SYS_UNSHARE,
"SET_ROBUST_LIST": syscall.SYS_SET_ROBUST_LIST,
"GET_ROBUST_LIST": syscall.SYS_GET_ROBUST_LIST,
"SPLICE": syscall.SYS_SPLICE,
"SYNC_FILE_RANGE": syscall.SYS_SYNC_FILE_RANGE,
"TEE": syscall.SYS_TEE,
"VMSPLICE": syscall.SYS_VMSPLICE,
"MOVE_PAGES": syscall.SYS_MOVE_PAGES,
"GETCPU": syscall.SYS_GETCPU,
"EPOLL_PWAIT": syscall.SYS_EPOLL_PWAIT,
"UTIMENSAT": syscall.SYS_UTIMENSAT,
"SIGNALFD": syscall.SYS_SIGNALFD,
"TIMERFD_CREATE": syscall.SYS_TIMERFD_CREATE,
"EVENTFD": syscall.SYS_EVENTFD,
"FALLOCATE": syscall.SYS_FALLOCATE,
"TIMERFD_SETTIME": syscall.SYS_TIMERFD_SETTIME,
"TIMERFD_GETTIME": syscall.SYS_TIMERFD_GETTIME,
"SIGNALFD4": syscall.SYS_SIGNALFD4,
"EVENTFD2": syscall.SYS_EVENTFD2,
"EPOLL_CREATE1": syscall.SYS_EPOLL_CREATE1,
"DUP3": syscall.SYS_DUP3,
"PIPE2": syscall.SYS_PIPE2,
"INOTIFY_INIT1": syscall.SYS_INOTIFY_INIT1,
"PREADV": syscall.SYS_PREADV,
"PWRITEV": syscall.SYS_PWRITEV,
"RT_TGSIGQUEUEINFO": syscall.SYS_RT_TGSIGQUEUEINFO,
"PERF_EVENT_OPEN": syscall.SYS_PERF_EVENT_OPEN,
"RECVMMSG": syscall.SYS_RECVMMSG,
"FANOTIFY_INIT": syscall.SYS_FANOTIFY_INIT,
"FANOTIFY_MARK": syscall.SYS_FANOTIFY_MARK,
"PRLIMIT64": syscall.SYS_PRLIMIT64,
}
var SyscallMapMin = map[string]uint32{
"WRITE": syscall.SYS_WRITE,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"FUTEX": syscall.SYS_FUTEX,
}
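Review bot: The `SECCOMP_RET_*`, `SECCOMP_MODE_FILTER` and `PR_SET_NO_NEW_PRIVS` constants in this file are architecture-independent kernel ABI values, yet the amd64 and arm files in this commit declare them again; one copy in seccomp.go would keep the three from drifting. `SyscallMapMin` carries no comment although ScmpLoad adds its four entries to every filter regardless of the configured list, which silently widens any user allowlist; I would document it as `// SyscallMapMin lists calls ScmpLoad always allows, on top of the configured list, presumably because the process itself needs them to run and exit — confirm.` The exported `SyscallMap` also lacks a doc comment stating that its keys are the upper-case names accepted in Config.SysCalls.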

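--- a/seccomp/syscall_linux_amd64.go
+++ b/seccomp/syscall_linux_amd64.go
@@ -0,0 +1,329 @@
+// +build linux
+// +build amd64
+package seccomp
+import (
+"syscall"
+)
+const (
+SECCOMP_RET_KILL = 0x00000000
+SECCOMP_RET_TRAP = 0x00030000
+SECCOMP_RET_ALLOW = 0x7fff0000
+SECCOMP_MODE_FILTER = 0x2
+PR_SET_NO_NEW_PRIVS = 0x26
+)
+var SyscallMap = map[string]uint32{
+"READ": syscall.SYS_READ,
+"WRITE": syscall.SYS_WRITE,
+"OPEN": syscall.SYS_OPEN,
+"CLOSE": syscall.SYS_CLOSE,
+"STAT": syscall.SYS_STAT,
+"FSTAT": syscall.SYS_FSTAT,
+"LSTAT": syscall.SYS_LSTAT,
+"POLL": syscall.SYS_POLL,
+"LSEEK": syscall.SYS_LSEEK,
+"MMAP": syscall.SYS_MMAP,
+"MPROTECT": syscall.SYS_MPROTECT,
+"MUNMAP": syscall.SYS_MUNMAP,
+"BRK": syscall.SYS_BRK,
+"RT_SIGACTION": syscall.SYS_RT_SIGACTION,
+"RT_SIGPROCMASK": syscall.SYS_RT_SIGPROCMASK,
+"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
+"IOCTL": syscall.SYS_IOCTL,
+"PREAD64": syscall.SYS_PREAD64,
+"PWRITE64": syscall.SYS_PWRITE64,
+"READV": syscall.SYS_READV,
+"WRITEV": syscall.SYS_WRITEV,
+"ACCESS": syscall.SYS_ACCESS,
+"PIPE": syscall.SYS_PIPE,
+"SELECT": syscall.SYS_SELECT,
+"SCHED_YIELD": syscall.SYS_SCHED_YIELD,
+"MREMAP": syscall.SYS_MREMAP,
+"MSYNC": syscall.SYS_MSYNC,
+"MINCORE": syscall.SYS_MINCORE,
+"MADVISE": syscall.SYS_MADVISE,
+"SHMGET": syscall.SYS_SHMGET,
+"SHMAT": syscall.SYS_SHMAT,
+"SHMCTL": syscall.SYS_SHMCTL,
+"DUP": syscall.SYS_DUP,
+"DUP2": syscall.SYS_DUP2,
+"PAUSE": syscall.SYS_PAUSE,
+"NANOSLEEP": syscall.SYS_NANOSLEEP,
+"GETITIMER": syscall.SYS_GETITIMER,
+"ALARM": syscall.SYS_ALARM,
+"SETITIMER": syscall.SYS_SETITIMER,
+"GETPID": syscall.SYS_GETPID,
+"SENDFILE": syscall.SYS_SENDFILE,
+"SOCKET": syscall.SYS_SOCKET,
+"CONNECT": syscall.SYS_CONNECT,
+"ACCEPT": syscall.SYS_ACCEPT,
+"SENDTO": syscall.SYS_SENDTO,
+"RECVFROM": syscall.SYS_RECVFROM,
+"SENDMSG": syscall.SYS_SENDMSG,
+"RECVMSG": syscall.SYS_RECVMSG,
+"SHUTDOWN": syscall.SYS_SHUTDOWN,
+"BIND": syscall.SYS_BIND,
+"LISTEN": syscall.SYS_LISTEN,
+"GETSOCKNAME": syscall.SYS_GETSOCKNAME,
+"GETPEERNAME": syscall.SYS_GETPEERNAME,
+"SOCKETPAIR": syscall.SYS_SOCKETPAIR,
+"SETSOCKOPT": syscall.SYS_SETSOCKOPT,
+"GETSOCKOPT": syscall.SYS_GETSOCKOPT,
+"CLONE": syscall.SYS_CLONE,
+"FORK": syscall.SYS_FORK,
+"VFORK": syscall.SYS_VFORK,
+"EXECVE": syscall.SYS_EXECVE,
+"EXIT": syscall.SYS_EXIT,
+"WAIT4": syscall.SYS_WAIT4,
+"KILL": syscall.SYS_KILL,
+"UNAME": syscall.SYS_UNAME,
+"SEMGET": syscall.SYS_SEMGET,
+"SEMOP": syscall.SYS_SEMOP,
+"SEMCTL": syscall.SYS_SEMCTL,
+"SHMDT": syscall.SYS_SHMDT,
+"MSGGET": syscall.SYS_MSGGET,
+"MSGSND": syscall.SYS_MSGSND,
+"MSGRCV": syscall.SYS_MSGRCV,
+"MSGCTL": syscall.SYS_MSGCTL,
+"FCNTL": syscall.SYS_FCNTL,
+"FLOCK": syscall.SYS_FLOCK,
+"FSYNC": syscall.SYS_FSYNC,
+"FDATASYNC": syscall.SYS_FDATASYNC,
+"TRUNCATE": syscall.SYS_TRUNCATE,
+"FTRUNCATE": syscall.SYS_FTRUNCATE,
+"GETDENTS": syscall.SYS_GETDENTS,
+"GETCWD": syscall.SYS_GETCWD,
+"CHDIR": syscall.SYS_CHDIR,
+"FCHDIR": syscall.SYS_FCHDIR,
+"RENAME": syscall.SYS_RENAME,
+"MKDIR": syscall.SYS_MKDIR,
+"RMDIR": syscall.SYS_RMDIR,
+"CREAT": syscall.SYS_CREAT,
+"LINK": syscall.SYS_LINK,
+"UNLINK": syscall.SYS_UNLINK,
+"SYMLINK": syscall.SYS_SYMLINK,
+"READLINK": syscall.SYS_READLINK,
+"CHMOD": syscall.SYS_CHMOD,
+"FCHMOD": syscall.SYS_FCHMOD,
+"CHOWN": syscall.SYS_CHOWN,
+"FCHOWN": syscall.SYS_FCHOWN,
+"LCHOWN": syscall.SYS_LCHOWN,
+"UMASK": syscall.SYS_UMASK,
+"GETTIMEOFDAY": syscall.SYS_GETTIMEOFDAY,
+"GETRLIMIT": syscall.SYS_GETRLIMIT,
+"GETRUSAGE": syscall.SYS_GETRUSAGE,
+"SYSINFO": syscall.SYS_SYSINFO,
+"TIMES": syscall.SYS_TIMES,
+"PTRACE": syscall.SYS_PTRACE,
+"GETUID": syscall.SYS_GETUID,
+"SYSLOG": syscall.SYS_SYSLOG,
+"GETGID": syscall.SYS_GETGID,
+"SETUID": syscall.SYS_SETUID,
+"SETGID": syscall.SYS_SETGID,
+"GETEUID": syscall.SYS_GETEUID,
+"GETEGID": syscall.SYS_GETEGID,
+"SETPGID": syscall.SYS_SETPGID,
+"GETPPID": syscall.SYS_GETPPID,
+"GETPGRP": syscall.SYS_GETPGRP,
+"SETSID": syscall.SYS_SETSID,
+"SETREUID": syscall.SYS_SETREUID,
+"SETREGID": syscall.SYS_SETREGID,
+"GETGROUPS": syscall.SYS_GETGROUPS,
+"SETGROUPS": syscall.SYS_SETGROUPS,
+"SETRESUID": syscall.SYS_SETRESUID,
+"GETRESUID": syscall.SYS_GETRESUID,
+"SETRESGID": syscall.SYS_SETRESGID,
+"GETRESGID": syscall.SYS_GETRESGID,
+"GETPGID": syscall.SYS_GETPGID,
+"SETFSUID": syscall.SYS_SETFSUID,
+"SETFSGID": syscall.SYS_SETFSGID,
+"GETSID": syscall.SYS_GETSID,
+"CAPGET": syscall.SYS_CAPGET,
+"CAPSET": syscall.SYS_CAPSET,
+"RT_SIGPENDING": syscall.SYS_RT_SIGPENDING,
+"RT_SIGTIMEDWAIT": syscall.SYS_RT_SIGTIMEDWAIT,
+"RT_SIGQUEUEINFO": syscall.SYS_RT_SIGQUEUEINFO,
+"RT_SIGSUSPEND": syscall.SYS_RT_SIGSUSPEND,
+"SIGALTSTACK": syscall.SYS_SIGALTSTACK,
+"UTIME": syscall.SYS_UTIME,
+"MKNOD": syscall.SYS_MKNOD,
+"USELIB": syscall.SYS_USELIB,
+"PERSONALITY": syscall.SYS_PERSONALITY,
+"USTAT": syscall.SYS_USTAT,
+"STATFS": syscall.SYS_STATFS,
+"FSTATFS": syscall.SYS_FSTATFS,
+"SYSFS": syscall.SYS_SYSFS,
+"GETPRIORITY": syscall.SYS_GETPRIORITY,
+"SETPRIORITY": syscall.SYS_SETPRIORITY,
+"SCHED_SETPARAM": syscall.SYS_SCHED_SETPARAM,
+"SCHED_GETPARAM": syscall.SYS_SCHED_GETPARAM,
+"SCHED_SETSCHEDULER": syscall.SYS_SCHED_SETSCHEDULER,
+"SCHED_GETSCHEDULER": syscall.SYS_SCHED_GETSCHEDULER,
+"SCHED_GET_PRIORITY_MAX": syscall.SYS_SCHED_GET_PRIORITY_MAX,
+"SCHED_GET_PRIORITY_MIN": syscall.SYS_SCHED_GET_PRIORITY_MIN,
+"SCHED_RR_GET_INTERVAL": syscall.SYS_SCHED_RR_GET_INTERVAL,
+"MLOCK": syscall.SYS_MLOCK,
+"MUNLOCK": syscall.SYS_MUNLOCK,
+"MLOCKALL": syscall.SYS_MLOCKALL,
+"MUNLOCKALL": syscall.SYS_MUNLOCKALL,
+"VHANGUP": syscall.SYS_VHANGUP,
+"MODIFY_LDT": syscall.SYS_MODIFY_LDT,
+"PIVOT_ROOT": syscall.SYS_PIVOT_ROOT,
+"_SYSCTL": syscall.SYS__SYSCTL,
+"PRCTL": syscall.SYS_PRCTL,
+"ARCH_PRCTL": syscall.SYS_ARCH_PRCTL,
+"ADJTIMEX": syscall.SYS_ADJTIMEX,
+"SETRLIMIT": syscall.SYS_SETRLIMIT,
+"CHROOT": syscall.SYS_CHROOT,
+"SYNC": syscall.SYS_SYNC,
+"ACCT": syscall.SYS_ACCT,
+"SETTIMEOFDAY": syscall.SYS_SETTIMEOFDAY,
+"MOUNT": syscall.SYS_MOUNT,
+"UMOUNT2": syscall.SYS_UMOUNT2,
+"SWAPON": syscall.SYS_SWAPON,
+"SWAPOFF": syscall.SYS_SWAPOFF,
+"REBOOT": syscall.SYS_REBOOT,
+"SETHOSTNAME": syscall.SYS_SETHOSTNAME,
+"SETDOMAINNAME": syscall.SYS_SETDOMAINNAME,
+"IOPL": syscall.SYS_IOPL,
+"IOPERM": syscall.SYS_IOPERM,
+"CREATE_MODULE": syscall.SYS_CREATE_MODULE,
+"INIT_MODULE": syscall.SYS_INIT_MODULE,
+"DELETE_MODULE": syscall.SYS_DELETE_MODULE,
+"GET_KERNEL_SYMS": syscall.SYS_GET_KERNEL_SYMS,
+"QUERY_MODULE": syscall.SYS_QUERY_MODULE,
+"QUOTACTL": syscall.SYS_QUOTACTL,
+"NFSSERVCTL": syscall.SYS_NFSSERVCTL,
+"GETPMSG": syscall.SYS_GETPMSG,
+"PUTPMSG": syscall.SYS_PUTPMSG,
+"AFS_SYSCALL": syscall.SYS_AFS_SYSCALL,
+"TUXCALL": syscall.SYS_TUXCALL,
+"SECURITY": syscall.SYS_SECURITY,
+"GETTID": syscall.SYS_GETTID,
+"READAHEAD": syscall.SYS_READAHEAD,
+"SETXATTR": syscall.SYS_SETXATTR,
+"LSETXATTR": syscall.SYS_LSETXATTR,
+"FSETXATTR": syscall.SYS_FSETXATTR,
+"GETXATTR": syscall.SYS_GETXATTR,
+"LGETXATTR": syscall.SYS_LGETXATTR,
+"FGETXATTR": syscall.SYS_FGETXATTR,
+"LISTXATTR": syscall.SYS_LISTXATTR,
+"LLISTXATTR": syscall.SYS_LLISTXATTR,
+"FLISTXATTR": syscall.SYS_FLISTXATTR,
+"REMOVEXATTR": syscall.SYS_REMOVEXATTR,
+"LREMOVEXATTR": syscall.SYS_LREMOVEXATTR,
+"FREMOVEXATTR": syscall.SYS_FREMOVEXATTR,
+"TKILL": syscall.SYS_TKILL,
+"TIME": syscall.SYS_TIME,
+"FUTEX": syscall.SYS_FUTEX,
+"SCHED_SETAFFINITY": syscall.SYS_SCHED_SETAFFINITY,
+"SCHED_GETAFFINITY": syscall.SYS_SCHED_GETAFFINITY,
+"SET_THREAD_AREA": syscall.SYS_SET_THREAD_AREA,
+"IO_SETUP": syscall.SYS_IO_SETUP,
+"IO_DESTROY": syscall.SYS_IO_DESTROY,
+"IO_GETEVENTS": syscall.SYS_IO_GETEVENTS,
+"IO_SUBMIT": syscall.SYS_IO_SUBMIT,
+"IO_CANCEL": syscall.SYS_IO_CANCEL,
+"GET_THREAD_AREA": syscall.SYS_GET_THREAD_AREA,
+"LOOKUP_DCOOKIE": syscall.SYS_LOOKUP_DCOOKIE,
+"EPOLL_CREATE": syscall.SYS_EPOLL_CREATE,
+"EPOLL_CTL_OLD": syscall.SYS_EPOLL_CTL_OLD,
+"EPOLL_WAIT_OLD": syscall.SYS_EPOLL_WAIT_OLD,
+"REMAP_FILE_PAGES": syscall.SYS_REMAP_FILE_PAGES,
+"GETDENTS64": syscall.SYS_GETDENTS64,
+"SET_TID_ADDRESS": syscall.SYS_SET_TID_ADDRESS,
+"RESTART_SYSCALL": syscall.SYS_RESTART_SYSCALL,
+"SEMTIMEDOP": syscall.SYS_SEMTIMEDOP,
+"FADVISE64": syscall.SYS_FADVISE64,
+"TIMER_CREATE": syscall.SYS_TIMER_CREATE,
+"TIMER_SETTIME": syscall.SYS_TIMER_SETTIME,
+"TIMER_GETTIME": syscall.SYS_TIMER_GETTIME,
+"TIMER_GETOVERRUN": syscall.SYS_TIMER_GETOVERRUN,
+"TIMER_DELETE": syscall.SYS_TIMER_DELETE,
+"CLOCK_SETTIME": syscall.SYS_CLOCK_SETTIME,
+"CLOCK_GETTIME": syscall.SYS_CLOCK_GETTIME,
+"CLOCK_GETRES": syscall.SYS_CLOCK_GETRES,
+"CLOCK_NANOSLEEP": syscall.SYS_CLOCK_NANOSLEEP,
+"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
+"EPOLL_WAIT": syscall.SYS_EPOLL_WAIT,
+"EPOLL_CTL": syscall.SYS_EPOLL_CTL,
+"TGKILL": syscall.SYS_TGKILL,
+"UTIMES": syscall.SYS_UTIMES,
+"VSERVER": syscall.SYS_VSERVER,
+"MBIND": syscall.SYS_MBIND,
+"SET_MEMPOLICY": syscall.SYS_SET_MEMPOLICY,
+"GET_MEMPOLICY": syscall.SYS_GET_MEMPOLICY,
+"MQ_OPEN": syscall.SYS_MQ_OPEN,
+"MQ_UNLINK": syscall.SYS_MQ_UNLINK,
+"MQ_TIMEDSEND": syscall.SYS_MQ_TIMEDSEND,
+"MQ_TIMEDRECEIVE": syscall.SYS_MQ_TIMEDRECEIVE,
+"MQ_NOTIFY": syscall.SYS_MQ_NOTIFY,
+"MQ_GETSETATTR": syscall.SYS_MQ_GETSETATTR,
+"KEXEC_LOAD": syscall.SYS_KEXEC_LOAD,
+"WAITID": syscall.SYS_WAITID,
+"ADD_KEY": syscall.SYS_ADD_KEY,
+"REQUEST_KEY": syscall.SYS_REQUEST_KEY,
+"KEYCTL": syscall.SYS_KEYCTL,
+"IOPRIO_SET": syscall.SYS_IOPRIO_SET,
+"IOPRIO_GET": syscall.SYS_IOPRIO_GET,
+"INOTIFY_INIT": syscall.SYS_INOTIFY_INIT,
+"INOTIFY_ADD_WATCH": syscall.SYS_INOTIFY_ADD_WATCH,
+"INOTIFY_RM_WATCH": syscall.SYS_INOTIFY_RM_WATCH,
+"MIGRATE_PAGES": syscall.SYS_MIGRATE_PAGES,
+"OPENAT": syscall.SYS_OPENAT,
+"MKDIRAT": syscall.SYS_MKDIRAT,
+"MKNODAT": syscall.SYS_MKNODAT,
+"FCHOWNAT": syscall.SYS_FCHOWNAT,
+"FUTIMESAT": syscall.SYS_FUTIMESAT,
+"NEWFSTATAT": syscall.SYS_NEWFSTATAT,
+"UNLINKAT": syscall.SYS_UNLINKAT,
+"RENAMEAT": syscall.SYS_RENAMEAT,
+"LINKAT": syscall.SYS_LINKAT,
+"SYMLINKAT": syscall.SYS_SYMLINKAT,
+"READLINKAT": syscall.SYS_READLINKAT,
+"FCHMODAT": syscall.SYS_FCHMODAT,
+"FACCESSAT": syscall.SYS_FACCESSAT,
+"PSELECT6": syscall.SYS_PSELECT6,
+"PPOLL": syscall.SYS_PPOLL,
+"UNSHARE": syscall.SYS_UNSHARE,
+"SET_ROBUST_LIST": syscall.SYS_SET_ROBUST_LIST,
+"GET_ROBUST_LIST": syscall.SYS_GET_ROBUST_LIST,
+"SPLICE": syscall.SYS_SPLICE,
+"TEE": syscall.SYS_TEE,
+"SYNC_FILE_RANGE": syscall.SYS_SYNC_FILE_RANGE,
+"VMSPLICE": syscall.SYS_VMSPLICE,
+"MOVE_PAGES": syscall.SYS_MOVE_PAGES,
+"UTIMENSAT": syscall.SYS_UTIMENSAT,
+"EPOLL_PWAIT": syscall.SYS_EPOLL_PWAIT,
+"SIGNALFD": syscall.SYS_SIGNALFD,
+"TIMERFD_CREATE": syscall.SYS_TIMERFD_CREATE,
+"EVENTFD": syscall.SYS_EVENTFD,
+"FALLOCATE": syscall.SYS_FALLOCATE,
+"TIMERFD_SETTIME": syscall.SYS_TIMERFD_SETTIME,
+"TIMERFD_GETTIME": syscall.SYS_TIMERFD_GETTIME,
+"ACCEPT4": syscall.SYS_ACCEPT4,
+"SIGNALFD4": syscall.SYS_SIGNALFD4,
+"EVENTFD2": syscall.SYS_EVENTFD2,
+"EPOLL_CREATE1": syscall.SYS_EPOLL_CREATE1,
+"DUP3": syscall.SYS_DUP3,
+"PIPE2": syscall.SYS_PIPE2,
+"INOTIFY_INIT1": syscall.SYS_INOTIFY_INIT1,
+"PREADV": syscall.SYS_PREADV,
+"PWRITEV": syscall.SYS_PWRITEV,
+"RT_TGSIGQUEUEINFO": syscall.SYS_RT_TGSIGQUEUEINFO,
+"PERF_EVENT_OPEN": syscall.SYS_PERF_EVENT_OPEN,
+"RECVMMSG": syscall.SYS_RECVMMSG,
+"FANOTIFY_INIT": syscall.SYS_FANOTIFY_INIT,
+"FANOTIFY_MARK": syscall.SYS_FANOTIFY_MARK,
+"PRLIMIT64": syscall.SYS_PRLIMIT64,
+}
+var SyscallMapMin = map[string]int{
+"WRITE": syscall.SYS_WRITE,
+"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
+"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
+"FUTEX": syscall.SYS_FUTEX,
+}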
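Review bot: `SyscallMapMin` is declared as `map[string]int` in this file but as `map[string]uint32` in the 386 file, so any code that ranges over its values would compile on one architecture only; ScmpLoad happens to use the keys alone, which is why this goes unnoticed today. The declaration should read `var SyscallMapMin = map[string]uint32{` to match the other architectures and `SyscallMap` in the same file.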


@ -0,0 +1,373 @@
// +build linux
// +build arm
package seccomp
import (
"syscall"
)
const (
SECCOMP_RET_KILL = 0x00000000
SECCOMP_RET_TRAP = 0x00030000
SECCOMP_RET_ALLOW = 0x7fff0000
SECCOMP_MODE_FILTER = 0x2
PR_SET_NO_NEW_PRIVS = 0x26
)
var SyscallMap = map[string]uint32{
"OABI_SYSCALL_BASE": syscall.SYS_OABI_SYSCALL_BASE,
"SYSCALL_BASE": syscall.SYS_SYSCALL_BASE,
"RESTART_SYSCALL": syscall.SYS_RESTART_SYSCALL,
"EXIT": syscall.SYS_EXIT,
"FORK": syscall.SYS_FORK,
"READ": syscall.SYS_READ,
"WRITE": syscall.SYS_WRITE,
"OPEN": syscall.SYS_OPEN,
"CLOSE": syscall.SYS_CLOSE,
"CREAT": syscall.SYS_CREAT,
"LINK": syscall.SYS_LINK,
"UNLINK": syscall.SYS_UNLINK,
"EXECVE": syscall.SYS_EXECVE,
"CHDIR": syscall.SYS_CHDIR,
"TIME": syscall.SYS_TIME,
"MKNOD": syscall.SYS_MKNOD,
"CHMOD": syscall.SYS_CHMOD,
"LCHOWN": syscall.SYS_LCHOWN,
"LSEEK": syscall.SYS_LSEEK,
"GETPID": syscall.SYS_GETPID,
"MOUNT": syscall.SYS_MOUNT,
"UMOUNT": syscall.SYS_UMOUNT,
"SETUID": syscall.SYS_SETUID,
"GETUID": syscall.SYS_GETUID,
"STIME": syscall.SYS_STIME,
"PTRACE": syscall.SYS_PTRACE,
"ALARM": syscall.SYS_ALARM,
"PAUSE": syscall.SYS_PAUSE,
"UTIME": syscall.SYS_UTIME,
"ACCESS": syscall.SYS_ACCESS,
"NICE": syscall.SYS_NICE,
"SYNC": syscall.SYS_SYNC,
"KILL": syscall.SYS_KILL,
"RENAME": syscall.SYS_RENAME,
"MKDIR": syscall.SYS_MKDIR,
"RMDIR": syscall.SYS_RMDIR,
"DUP": syscall.SYS_DUP,
"PIPE": syscall.SYS_PIPE,
"TIMES": syscall.SYS_TIMES,
"BRK": syscall.SYS_BRK,
"SETGID": syscall.SYS_SETGID,
"GETGID": syscall.SYS_GETGID,
"GETEUID": syscall.SYS_GETEUID,
"GETEGID": syscall.SYS_GETEGID,
"ACCT": syscall.SYS_ACCT,
"UMOUNT2": syscall.SYS_UMOUNT2,
"IOCTL": syscall.SYS_IOCTL,
"FCNTL": syscall.SYS_FCNTL,
"SETPGID": syscall.SYS_SETPGID,
"UMASK": syscall.SYS_UMASK,
"CHROOT": syscall.SYS_CHROOT,
"USTAT": syscall.SYS_USTAT,
"DUP2": syscall.SYS_DUP2,
"GETPPID": syscall.SYS_GETPPID,
"GETPGRP": syscall.SYS_GETPGRP,
"SETSID": syscall.SYS_SETSID,
"SIGACTION": syscall.SYS_SIGACTION,
"SETREUID": syscall.SYS_SETREUID,
"SETREGID": syscall.SYS_SETREGID,
"SIGSUSPEND": syscall.SYS_SIGSUSPEND,
"SIGPENDING": syscall.SYS_SIGPENDING,
"SETHOSTNAME": syscall.SYS_SETHOSTNAME,
"SETRLIMIT": syscall.SYS_SETRLIMIT,
"GETRLIMIT": syscall.SYS_GETRLIMIT,
"GETRUSAGE": syscall.SYS_GETRUSAGE,
"GETTIMEOFDAY": syscall.SYS_GETTIMEOFDAY,
"SETTIMEOFDAY": syscall.SYS_SETTIMEOFDAY,
"GETGROUPS": syscall.SYS_GETGROUPS,
"SETGROUPS": syscall.SYS_SETGROUPS,
"SELECT": syscall.SYS_SELECT,
"SYMLINK": syscall.SYS_SYMLINK,
"READLINK": syscall.SYS_READLINK,
"USELIB": syscall.SYS_USELIB,
"SWAPON": syscall.SYS_SWAPON,
"REBOOT": syscall.SYS_REBOOT,
"READDIR": syscall.SYS_READDIR,
"MMAP": syscall.SYS_MMAP,
"MUNMAP": syscall.SYS_MUNMAP,
"TRUNCATE": syscall.SYS_TRUNCATE,
"FTRUNCATE": syscall.SYS_FTRUNCATE,
"FCHMOD": syscall.SYS_FCHMOD,
"FCHOWN": syscall.SYS_FCHOWN,
"GETPRIORITY": syscall.SYS_GETPRIORITY,
"SETPRIORITY": syscall.SYS_SETPRIORITY,
"STATFS": syscall.SYS_STATFS,
"FSTATFS": syscall.SYS_FSTATFS,
"SOCKETCALL": syscall.SYS_SOCKETCALL,
"SYSLOG": syscall.SYS_SYSLOG,
"SETITIMER": syscall.SYS_SETITIMER,
"GETITIMER": syscall.SYS_GETITIMER,
"STAT": syscall.SYS_STAT,
"LSTAT": syscall.SYS_LSTAT,
"FSTAT": syscall.SYS_FSTAT,
"VHANGUP": syscall.SYS_VHANGUP,
"SYSCALL": syscall.SYS_SYSCALL,
"WAIT4": syscall.SYS_WAIT4,
"SWAPOFF": syscall.SYS_SWAPOFF,
"SYSINFO": syscall.SYS_SYSINFO,
"IPC": syscall.SYS_IPC,
"FSYNC": syscall.SYS_FSYNC,
"SIGRETURN": syscall.SYS_SIGRETURN,
"CLONE": syscall.SYS_CLONE,
"SETDOMAINNAME": syscall.SYS_SETDOMAINNAME,
"UNAME": syscall.SYS_UNAME,
"ADJTIMEX": syscall.SYS_ADJTIMEX,
"MPROTECT": syscall.SYS_MPROTECT,
"SIGPROCMASK": syscall.SYS_SIGPROCMASK,
"INIT_MODULE": syscall.SYS_INIT_MODULE,
"DELETE_MODULE": syscall.SYS_DELETE_MODULE,
"QUOTACTL": syscall.SYS_QUOTACTL,
"GETPGID": syscall.SYS_GETPGID,
"FCHDIR": syscall.SYS_FCHDIR,
"BDFLUSH": syscall.SYS_BDFLUSH,
"SYSFS": syscall.SYS_SYSFS,
"PERSONALITY": syscall.SYS_PERSONALITY,
"SETFSUID": syscall.SYS_SETFSUID,
"SETFSGID": syscall.SYS_SETFSGID,
"_LLSEEK": syscall.SYS__LLSEEK,
"GETDENTS": syscall.SYS_GETDENTS,
"_NEWSELECT": syscall.SYS__NEWSELECT,
"FLOCK": syscall.SYS_FLOCK,
"MSYNC": syscall.SYS_MSYNC,
"READV": syscall.SYS_READV,
"WRITEV": syscall.SYS_WRITEV,
"GETSID": syscall.SYS_GETSID,
"FDATASYNC": syscall.SYS_FDATASYNC,
"_SYSCTL": syscall.SYS__SYSCTL,
"MLOCK": syscall.SYS_MLOCK,
"MUNLOCK": syscall.SYS_MUNLOCK,
"MLOCKALL": syscall.SYS_MLOCKALL,
"MUNLOCKALL": syscall.SYS_MUNLOCKALL,
"SCHED_SETPARAM": syscall.SYS_SCHED_SETPARAM,
"SCHED_GETPARAM": syscall.SYS_SCHED_GETPARAM,
"SCHED_SETSCHEDULER": syscall.SYS_SCHED_SETSCHEDULER,
"SCHED_GETSCHEDULER": syscall.SYS_SCHED_GETSCHEDULER,
"SCHED_YIELD": syscall.SYS_SCHED_YIELD,
"SCHED_GET_PRIORITY_MAX": syscall.SYS_SCHED_GET_PRIORITY_MAX,
"SCHED_GET_PRIORITY_MIN": syscall.SYS_SCHED_GET_PRIORITY_MIN,
"SCHED_RR_GET_INTERVAL": syscall.SYS_SCHED_RR_GET_INTERVAL,
"NANOSLEEP": syscall.SYS_NANOSLEEP,
"MREMAP": syscall.SYS_MREMAP,
"SETRESUID": syscall.SYS_SETRESUID,
"GETRESUID": syscall.SYS_GETRESUID,
"POLL": syscall.SYS_POLL,
"NFSSERVCTL": syscall.SYS_NFSSERVCTL,
"SETRESGID": syscall.SYS_SETRESGID,
"GETRESGID": syscall.SYS_GETRESGID,
"PRCTL": syscall.SYS_PRCTL,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"RT_SIGACTION": syscall.SYS_RT_SIGACTION,
"RT_SIGPROCMASK": syscall.SYS_RT_SIGPROCMASK,
"RT_SIGPENDING": syscall.SYS_RT_SIGPENDING,
"RT_SIGTIMEDWAIT": syscall.SYS_RT_SIGTIMEDWAIT,
"RT_SIGQUEUEINFO": syscall.SYS_RT_SIGQUEUEINFO,
"RT_SIGSUSPEND": syscall.SYS_RT_SIGSUSPEND,
"PREAD64": syscall.SYS_PREAD64,
"PWRITE64": syscall.SYS_PWRITE64,
"CHOWN": syscall.SYS_CHOWN,
"GETCWD": syscall.SYS_GETCWD,
"CAPGET": syscall.SYS_CAPGET,
"CAPSET": syscall.SYS_CAPSET,
"SIGALTSTACK": syscall.SYS_SIGALTSTACK,
"SENDFILE": syscall.SYS_SENDFILE,
"VFORK": syscall.SYS_VFORK,
"UGETRLIMIT": syscall.SYS_UGETRLIMIT,
"MMAP2": syscall.SYS_MMAP2,
"TRUNCATE64": syscall.SYS_TRUNCATE64,
"FTRUNCATE64": syscall.SYS_FTRUNCATE64,
"STAT64": syscall.SYS_STAT64,
"LSTAT64": syscall.SYS_LSTAT64,
"FSTAT64": syscall.SYS_FSTAT64,
"LCHOWN32": syscall.SYS_LCHOWN32,
"GETUID32": syscall.SYS_GETUID32,
"GETGID32": syscall.SYS_GETGID32,
"GETEUID32": syscall.SYS_GETEUID32,
"GETEGID32": syscall.SYS_GETEGID32,
"SETREUID32": syscall.SYS_SETREUID32,
"SETREGID32": syscall.SYS_SETREGID32,
"GETGROUPS32": syscall.SYS_GETGROUPS32,
"SETGROUPS32": syscall.SYS_SETGROUPS32,
"FCHOWN32": syscall.SYS_FCHOWN32,
"SETRESUID32": syscall.SYS_SETRESUID32,
"GETRESUID32": syscall.SYS_GETRESUID32,
"SETRESGID32": syscall.SYS_SETRESGID32,
"GETRESGID32": syscall.SYS_GETRESGID32,
"CHOWN32": syscall.SYS_CHOWN32,
"SETUID32": syscall.SYS_SETUID32,
"SETGID32": syscall.SYS_SETGID32,
"SETFSUID32": syscall.SYS_SETFSUID32,
"SETFSGID32": syscall.SYS_SETFSGID32,
"GETDENTS64": syscall.SYS_GETDENTS64,
"PIVOT_ROOT": syscall.SYS_PIVOT_ROOT,
"MINCORE": syscall.SYS_MINCORE,
"MADVISE": syscall.SYS_MADVISE,
"FCNTL64": syscall.SYS_FCNTL64,
"GETTID": syscall.SYS_GETTID,
"READAHEAD": syscall.SYS_READAHEAD,
"SETXATTR": syscall.SYS_SETXATTR,
"LSETXATTR": syscall.SYS_LSETXATTR,
"FSETXATTR": syscall.SYS_FSETXATTR,
"GETXATTR": syscall.SYS_GETXATTR,
"LGETXATTR": syscall.SYS_LGETXATTR,
"FGETXATTR": syscall.SYS_FGETXATTR,
"LISTXATTR": syscall.SYS_LISTXATTR,
"LLISTXATTR": syscall.SYS_LLISTXATTR,
"FLISTXATTR": syscall.SYS_FLISTXATTR,
"REMOVEXATTR": syscall.SYS_REMOVEXATTR,
"LREMOVEXATTR": syscall.SYS_LREMOVEXATTR,
"FREMOVEXATTR": syscall.SYS_FREMOVEXATTR,
"TKILL": syscall.SYS_TKILL,
"SENDFILE64": syscall.SYS_SENDFILE64,
"FUTEX": syscall.SYS_FUTEX,
"SCHED_SETAFFINITY": syscall.SYS_SCHED_SETAFFINITY,
"SCHED_GETAFFINITY": syscall.SYS_SCHED_GETAFFINITY,
"IO_SETUP": syscall.SYS_IO_SETUP,
"IO_DESTROY": syscall.SYS_IO_DESTROY,
"IO_GETEVENTS": syscall.SYS_IO_GETEVENTS,
"IO_SUBMIT": syscall.SYS_IO_SUBMIT,
"IO_CANCEL": syscall.SYS_IO_CANCEL,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"LOOKUP_DCOOKIE": syscall.SYS_LOOKUP_DCOOKIE,
"EPOLL_CREATE": syscall.SYS_EPOLL_CREATE,
"EPOLL_CTL": syscall.SYS_EPOLL_CTL,
"EPOLL_WAIT": syscall.SYS_EPOLL_WAIT,
"REMAP_FILE_PAGES": syscall.SYS_REMAP_FILE_PAGES,
"SET_TID_ADDRESS": syscall.SYS_SET_TID_ADDRESS,
"TIMER_CREATE": syscall.SYS_TIMER_CREATE,
"TIMER_SETTIME": syscall.SYS_TIMER_SETTIME,
"TIMER_GETTIME": syscall.SYS_TIMER_GETTIME,
"TIMER_GETOVERRUN": syscall.SYS_TIMER_GETOVERRUN,
"TIMER_DELETE": syscall.SYS_TIMER_DELETE,
"CLOCK_SETTIME": syscall.SYS_CLOCK_SETTIME,
"CLOCK_GETTIME": syscall.SYS_CLOCK_GETTIME,
"CLOCK_GETRES": syscall.SYS_CLOCK_GETRES,
"CLOCK_NANOSLEEP": syscall.SYS_CLOCK_NANOSLEEP,
"STATFS64": syscall.SYS_STATFS64,
"FSTATFS64": syscall.SYS_FSTATFS64,
"TGKILL": syscall.SYS_TGKILL,
"UTIMES": syscall.SYS_UTIMES,
"ARM_FADVISE64_64": syscall.SYS_ARM_FADVISE64_64,
"PCICONFIG_IOBASE": syscall.SYS_PCICONFIG_IOBASE,
"PCICONFIG_READ": syscall.SYS_PCICONFIG_READ,
"PCICONFIG_WRITE": syscall.SYS_PCICONFIG_WRITE,
"MQ_OPEN": syscall.SYS_MQ_OPEN,
"MQ_UNLINK": syscall.SYS_MQ_UNLINK,
"MQ_TIMEDSEND": syscall.SYS_MQ_TIMEDSEND,
"MQ_TIMEDRECEIVE": syscall.SYS_MQ_TIMEDRECEIVE,
"MQ_NOTIFY": syscall.SYS_MQ_NOTIFY,
"MQ_GETSETATTR": syscall.SYS_MQ_GETSETATTR,
"WAITID": syscall.SYS_WAITID,
"SOCKET": syscall.SYS_SOCKET,
"BIND": syscall.SYS_BIND,
"CONNECT": syscall.SYS_CONNECT,
"LISTEN": syscall.SYS_LISTEN,
"ACCEPT": syscall.SYS_ACCEPT,
"GETSOCKNAME": syscall.SYS_GETSOCKNAME,
"GETPEERNAME": syscall.SYS_GETPEERNAME,
"SOCKETPAIR": syscall.SYS_SOCKETPAIR,
"SEND": syscall.SYS_SEND,
"SENDTO": syscall.SYS_SENDTO,
"RECV": syscall.SYS_RECV,
"RECVFROM": syscall.SYS_RECVFROM,
"SHUTDOWN": syscall.SYS_SHUTDOWN,
"SETSOCKOPT": syscall.SYS_SETSOCKOPT,
"GETSOCKOPT": syscall.SYS_GETSOCKOPT,
"SENDMSG": syscall.SYS_SENDMSG,
"RECVMSG": syscall.SYS_RECVMSG,
"SEMOP": syscall.SYS_SEMOP,
"SEMGET": syscall.SYS_SEMGET,
"SEMCTL": syscall.SYS_SEMCTL,
"MSGSND": syscall.SYS_MSGSND,
"MSGRCV": syscall.SYS_MSGRCV,
"MSGGET": syscall.SYS_MSGGET,
"MSGCTL": syscall.SYS_MSGCTL,
"SHMAT": syscall.SYS_SHMAT,
"SHMDT": syscall.SYS_SHMDT,
"SHMGET": syscall.SYS_SHMGET,
"SHMCTL": syscall.SYS_SHMCTL,
"ADD_KEY": syscall.SYS_ADD_KEY,
"REQUEST_KEY": syscall.SYS_REQUEST_KEY,
"KEYCTL": syscall.SYS_KEYCTL,
"SEMTIMEDOP": syscall.SYS_SEMTIMEDOP,
"VSERVER": syscall.SYS_VSERVER,
"IOPRIO_SET": syscall.SYS_IOPRIO_SET,
"IOPRIO_GET": syscall.SYS_IOPRIO_GET,
"INOTIFY_INIT": syscall.SYS_INOTIFY_INIT,
"INOTIFY_ADD_WATCH": syscall.SYS_INOTIFY_ADD_WATCH,
"INOTIFY_RM_WATCH": syscall.SYS_INOTIFY_RM_WATCH,
"MBIND": syscall.SYS_MBIND,
"GET_MEMPOLICY": syscall.SYS_GET_MEMPOLICY,
"SET_MEMPOLICY": syscall.SYS_SET_MEMPOLICY,
"OPENAT": syscall.SYS_OPENAT,
"MKDIRAT": syscall.SYS_MKDIRAT,
"MKNODAT": syscall.SYS_MKNODAT,
"FCHOWNAT": syscall.SYS_FCHOWNAT,
"FUTIMESAT": syscall.SYS_FUTIMESAT,
"FSTATAT64": syscall.SYS_FSTATAT64,
"UNLINKAT": syscall.SYS_UNLINKAT,
"RENAMEAT": syscall.SYS_RENAMEAT,
"LINKAT": syscall.SYS_LINKAT,
"SYMLINKAT": syscall.SYS_SYMLINKAT,
"READLINKAT": syscall.SYS_READLINKAT,
"FCHMODAT": syscall.SYS_FCHMODAT,
"FACCESSAT": syscall.SYS_FACCESSAT,
"PSELECT6": syscall.SYS_PSELECT6,
"PPOLL": syscall.SYS_PPOLL,
"UNSHARE": syscall.SYS_UNSHARE,
"SET_ROBUST_LIST": syscall.SYS_SET_ROBUST_LIST,
"GET_ROBUST_LIST": syscall.SYS_GET_ROBUST_LIST,
"SPLICE": syscall.SYS_SPLICE,
"ARM_SYNC_FILE_RANGE": syscall.SYS_ARM_SYNC_FILE_RANGE,
"TEE": syscall.SYS_TEE,
"VMSPLICE": syscall.SYS_VMSPLICE,
"MOVE_PAGES": syscall.SYS_MOVE_PAGES,
"GETCPU": syscall.SYS_GETCPU,
"EPOLL_PWAIT": syscall.SYS_EPOLL_PWAIT,
"KEXEC_LOAD": syscall.SYS_KEXEC_LOAD,
"UTIMENSAT": syscall.SYS_UTIMENSAT,
"SIGNALFD": syscall.SYS_SIGNALFD,
"TIMERFD_CREATE": syscall.SYS_TIMERFD_CREATE,
"EVENTFD": syscall.SYS_EVENTFD,
"FALLOCATE": syscall.SYS_FALLOCATE,
"TIMERFD_SETTIME": syscall.SYS_TIMERFD_SETTIME,
"TIMERFD_GETTIME": syscall.SYS_TIMERFD_GETTIME,
"SIGNALFD4": syscall.SYS_SIGNALFD4,
"EVENTFD2": syscall.SYS_EVENTFD2,
"EPOLL_CREATE1": syscall.SYS_EPOLL_CREATE1,
"DUP3": syscall.SYS_DUP3,
"PIPE2": syscall.SYS_PIPE2,
"INOTIFY_INIT1": syscall.SYS_INOTIFY_INIT1,
"PREADV": syscall.SYS_PREADV,
"PWRITEV": syscall.SYS_PWRITEV,
"RT_TGSIGQUEUEINFO": syscall.SYS_RT_TGSIGQUEUEINFO,
"PERF_EVENT_OPEN": syscall.SYS_PERF_EVENT_OPEN,
"RECVMMSG": syscall.SYS_RECVMMSG,
"ACCEPT4": syscall.SYS_ACCEPT4,
"FANOTIFY_INIT": syscall.SYS_FANOTIFY_INIT,
"FANOTIFY_MARK": syscall.SYS_FANOTIFY_MARK,
"PRLIMIT64": syscall.SYS_PRLIMIT64,
"NAME_TO_HANDLE_AT": syscall.SYS_NAME_TO_HANDLE_AT,
"OPEN_BY_HANDLE_AT": syscall.SYS_OPEN_BY_HANDLE_AT,
"CLOCK_ADJTIME": syscall.SYS_CLOCK_ADJTIME,
"SYNCFS": syscall.SYS_SYNCFS,
"SENDMMSG": syscall.SYS_SENDMMSG,
"SETNS": syscall.SYS_SETNS,
"PROCESS_VM_READV": syscall.SYS_PROCESS_VM_READV,
"PROCESS_VM_WRITEV": syscall.SYS_PROCESS_VM_WRITEV,
}
var SyscallMapMin = map[string]int{
"WRITE": syscall.SYS_WRITE,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"FUTEX": syscall.SYS_FUTEX,
}
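Review bot: `OABI_SYSCALL_BASE` and `SYSCALL_BASE` at the top of this arm `SyscallMap` are not system calls; in Go's syscall package they are the numbering bases of the OABI and EABI tables, so keeping them in the map gives the default "allow everything in SyscallMap" path a rule for a number no EABI process ever issues, and offers users a `syscalls` entry that looks meaningful but is not. I'd drop both; the arm64 table has the same issue with `ARCH_SPECIFIC_SYSCALL`, which is the base of the arch-specific range rather than a call. Separately, `SyscallMap` is declared `map[string]uint32` while `SyscallMapMin` a few lines below is `map[string]int`; the arm64 and ppc64 tables repeat that split, and a single element type (whichever ScmpAdd consumes) would let the two maps be used interchangeably without a conversion at every call site.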


@ -0,0 +1,294 @@
// +build linux
// +build arm64
package seccomp
import (
"syscall"
)
const (
SECCOMP_RET_KILL = 0x00000000
SECCOMP_RET_TRAP = 0x00030000
SECCOMP_RET_ALLOW = 0x7fff0000
SECCOMP_MODE_FILTER = 0x2
PR_SET_NO_NEW_PRIVS = 0x26
)
var SyscallMap = map[string]uint32{
"IO_SETUP": syscall.SYS_IO_SETUP,
"IO_DESTROY": syscall.SYS_IO_DESTROY,
"IO_SUBMIT": syscall.SYS_IO_SUBMIT,
"IO_CANCEL": syscall.SYS_IO_CANCEL,
"IO_GETEVENTS": syscall.SYS_IO_GETEVENTS,
"SETXATTR": syscall.SYS_SETXATTR,
"LSETXATTR": syscall.SYS_LSETXATTR,
"FSETXATTR": syscall.SYS_FSETXATTR,
"GETXATTR": syscall.SYS_GETXATTR,
"LGETXATTR": syscall.SYS_LGETXATTR,
"FGETXATTR": syscall.SYS_FGETXATTR,
"LISTXATTR": syscall.SYS_LISTXATTR,
"LLISTXATTR": syscall.SYS_LLISTXATTR,
"FLISTXATTR": syscall.SYS_FLISTXATTR,
"REMOVEXATTR": syscall.SYS_REMOVEXATTR,
"LREMOVEXATTR": syscall.SYS_LREMOVEXATTR,
"FREMOVEXATTR": syscall.SYS_FREMOVEXATTR,
"GETCWD": syscall.SYS_GETCWD,
"LOOKUP_DCOOKIE": syscall.SYS_LOOKUP_DCOOKIE,
"EVENTFD2": syscall.SYS_EVENTFD2,
"EPOLL_CREATE1": syscall.SYS_EPOLL_CREATE1,
"EPOLL_CTL": syscall.SYS_EPOLL_CTL,
"EPOLL_PWAIT": syscall.SYS_EPOLL_PWAIT,
"DUP": syscall.SYS_DUP,
"DUP3": syscall.SYS_DUP3,
"FCNTL": syscall.SYS_FCNTL,
"INOTIFY_INIT1": syscall.SYS_INOTIFY_INIT1,
"INOTIFY_ADD_WATCH": syscall.SYS_INOTIFY_ADD_WATCH,
"INOTIFY_RM_WATCH": syscall.SYS_INOTIFY_RM_WATCH,
"IOCTL": syscall.SYS_IOCTL,
"IOPRIO_SET": syscall.SYS_IOPRIO_SET,
"IOPRIO_GET": syscall.SYS_IOPRIO_GET,
"FLOCK": syscall.SYS_FLOCK,
"MKNODAT": syscall.SYS_MKNODAT,
"MKDIRAT": syscall.SYS_MKDIRAT,
"UNLINKAT": syscall.SYS_UNLINKAT,
"SYMLINKAT": syscall.SYS_SYMLINKAT,
"LINKAT": syscall.SYS_LINKAT,
"RENAMEAT": syscall.SYS_RENAMEAT,
"UMOUNT2": syscall.SYS_UMOUNT2,
"MOUNT": syscall.SYS_MOUNT,
"PIVOT_ROOT": syscall.SYS_PIVOT_ROOT,
"NFSSERVCTL": syscall.SYS_NFSSERVCTL,
"STATFS": syscall.SYS_STATFS,
"FSTATFS": syscall.SYS_FSTATFS,
"TRUNCATE": syscall.SYS_TRUNCATE,
"FTRUNCATE": syscall.SYS_FTRUNCATE,
"FALLOCATE": syscall.SYS_FALLOCATE,
"FACCESSAT": syscall.SYS_FACCESSAT,
"CHDIR": syscall.SYS_CHDIR,
"FCHDIR": syscall.SYS_FCHDIR,
"CHROOT": syscall.SYS_CHROOT,
"FCHMOD": syscall.SYS_FCHMOD,
"FCHMODAT": syscall.SYS_FCHMODAT,
"FCHOWNAT": syscall.SYS_FCHOWNAT,
"FCHOWN": syscall.SYS_FCHOWN,
"OPENAT": syscall.SYS_OPENAT,
"CLOSE": syscall.SYS_CLOSE,
"VHANGUP": syscall.SYS_VHANGUP,
"PIPE2": syscall.SYS_PIPE2,
"QUOTACTL": syscall.SYS_QUOTACTL,
"GETDENTS64": syscall.SYS_GETDENTS64,
"LSEEK": syscall.SYS_LSEEK,
"READ": syscall.SYS_READ,
"WRITE": syscall.SYS_WRITE,
"READV": syscall.SYS_READV,
"WRITEV": syscall.SYS_WRITEV,
"PREAD64": syscall.SYS_PREAD64,
"PWRITE64": syscall.SYS_PWRITE64,
"PREADV": syscall.SYS_PREADV,
"PWRITEV": syscall.SYS_PWRITEV,
"SENDFILE": syscall.SYS_SENDFILE,
"PSELECT6": syscall.SYS_PSELECT6,
"PPOLL": syscall.SYS_PPOLL,
"SIGNALFD4": syscall.SYS_SIGNALFD4,
"VMSPLICE": syscall.SYS_VMSPLICE,
"SPLICE": syscall.SYS_SPLICE,
"TEE": syscall.SYS_TEE,
"READLINKAT": syscall.SYS_READLINKAT,
"FSTATAT": syscall.SYS_FSTATAT,
"FSTAT": syscall.SYS_FSTAT,
"SYNC": syscall.SYS_SYNC,
"FSYNC": syscall.SYS_FSYNC,
"FDATASYNC": syscall.SYS_FDATASYNC,
"SYNC_FILE_RANGE2": syscall.SYS_SYNC_FILE_RANGE2,
"SYNC_FILE_RANGE": syscall.SYS_SYNC_FILE_RANGE,
"TIMERFD_CREATE": syscall.SYS_TIMERFD_CREATE,
"TIMERFD_SETTIME": syscall.SYS_TIMERFD_SETTIME,
"TIMERFD_GETTIME": syscall.SYS_TIMERFD_GETTIME,
"UTIMENSAT": syscall.SYS_UTIMENSAT,
"ACCT": syscall.SYS_ACCT,
"CAPGET": syscall.SYS_CAPGET,
"CAPSET": syscall.SYS_CAPSET,
"PERSONALITY": syscall.SYS_PERSONALITY,
"EXIT": syscall.SYS_EXIT,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"WAITID": syscall.SYS_WAITID,
"SET_TID_ADDRESS": syscall.SYS_SET_TID_ADDRESS,
"UNSHARE": syscall.SYS_UNSHARE,
"FUTEX": syscall.SYS_FUTEX,
"SET_ROBUST_LIST": syscall.SYS_SET_ROBUST_LIST,
"GET_ROBUST_LIST": syscall.SYS_GET_ROBUST_LIST,
"NANOSLEEP": syscall.SYS_NANOSLEEP,
"GETITIMER": syscall.SYS_GETITIMER,
"SETITIMER": syscall.SYS_SETITIMER,
"KEXEC_LOAD": syscall.SYS_KEXEC_LOAD,
"INIT_MODULE": syscall.SYS_INIT_MODULE,
"DELETE_MODULE": syscall.SYS_DELETE_MODULE,
"TIMER_CREATE": syscall.SYS_TIMER_CREATE,
"TIMER_GETTIME": syscall.SYS_TIMER_GETTIME,
"TIMER_GETOVERRUN": syscall.SYS_TIMER_GETOVERRUN,
"TIMER_SETTIME": syscall.SYS_TIMER_SETTIME,
"TIMER_DELETE": syscall.SYS_TIMER_DELETE,
"CLOCK_SETTIME": syscall.SYS_CLOCK_SETTIME,
"CLOCK_GETTIME": syscall.SYS_CLOCK_GETTIME,
"CLOCK_GETRES": syscall.SYS_CLOCK_GETRES,
"CLOCK_NANOSLEEP": syscall.SYS_CLOCK_NANOSLEEP,
"SYSLOG": syscall.SYS_SYSLOG,
"PTRACE": syscall.SYS_PTRACE,
"SCHED_SETPARAM": syscall.SYS_SCHED_SETPARAM,
"SCHED_SETSCHEDULER": syscall.SYS_SCHED_SETSCHEDULER,
"SCHED_GETSCHEDULER": syscall.SYS_SCHED_GETSCHEDULER,
"SCHED_GETPARAM": syscall.SYS_SCHED_GETPARAM,
"SCHED_SETAFFINITY": syscall.SYS_SCHED_SETAFFINITY,
"SCHED_GETAFFINITY": syscall.SYS_SCHED_GETAFFINITY,
"SCHED_YIELD": syscall.SYS_SCHED_YIELD,
"SCHED_GET_PRIORITY_MAX": syscall.SYS_SCHED_GET_PRIORITY_MAX,
"SCHED_GET_PRIORITY_MIN": syscall.SYS_SCHED_GET_PRIORITY_MIN,
"SCHED_RR_GET_INTERVAL": syscall.SYS_SCHED_RR_GET_INTERVAL,
"RESTART_SYSCALL": syscall.SYS_RESTART_SYSCALL,
"KILL": syscall.SYS_KILL,
"TKILL": syscall.SYS_TKILL,
"TGKILL": syscall.SYS_TGKILL,
"SIGALTSTACK": syscall.SYS_SIGALTSTACK,
"RT_SIGSUSPEND": syscall.SYS_RT_SIGSUSPEND,
"RT_SIGACTION": syscall.SYS_RT_SIGACTION,
"RT_SIGPROCMASK": syscall.SYS_RT_SIGPROCMASK,
"RT_SIGPENDING": syscall.SYS_RT_SIGPENDING,
"RT_SIGTIMEDWAIT": syscall.SYS_RT_SIGTIMEDWAIT,
"RT_SIGQUEUEINFO": syscall.SYS_RT_SIGQUEUEINFO,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"SETPRIORITY": syscall.SYS_SETPRIORITY,
"GETPRIORITY": syscall.SYS_GETPRIORITY,
"REBOOT": syscall.SYS_REBOOT,
"SETREGID": syscall.SYS_SETREGID,
"SETGID": syscall.SYS_SETGID,
"SETREUID": syscall.SYS_SETREUID,
"SETUID": syscall.SYS_SETUID,
"SETRESUID": syscall.SYS_SETRESUID,
"GETRESUID": syscall.SYS_GETRESUID,
"SETRESGID": syscall.SYS_SETRESGID,
"GETRESGID": syscall.SYS_GETRESGID,
"SETFSUID": syscall.SYS_SETFSUID,
"SETFSGID": syscall.SYS_SETFSGID,
"TIMES": syscall.SYS_TIMES,
"SETPGID": syscall.SYS_SETPGID,
"GETPGID": syscall.SYS_GETPGID,
"GETSID": syscall.SYS_GETSID,
"SETSID": syscall.SYS_SETSID,
"GETGROUPS": syscall.SYS_GETGROUPS,
"SETGROUPS": syscall.SYS_SETGROUPS,
"UNAME": syscall.SYS_UNAME,
"SETHOSTNAME": syscall.SYS_SETHOSTNAME,
"SETDOMAINNAME": syscall.SYS_SETDOMAINNAME,
"GETRLIMIT": syscall.SYS_GETRLIMIT,
"SETRLIMIT": syscall.SYS_SETRLIMIT,
"GETRUSAGE": syscall.SYS_GETRUSAGE,
"UMASK": syscall.SYS_UMASK,
"PRCTL": syscall.SYS_PRCTL,
"GETCPU": syscall.SYS_GETCPU,
"GETTIMEOFDAY": syscall.SYS_GETTIMEOFDAY,
"SETTIMEOFDAY": syscall.SYS_SETTIMEOFDAY,
"ADJTIMEX": syscall.SYS_ADJTIMEX,
"GETPID": syscall.SYS_GETPID,
"GETPPID": syscall.SYS_GETPPID,
"GETUID": syscall.SYS_GETUID,
"GETEUID": syscall.SYS_GETEUID,
"GETGID": syscall.SYS_GETGID,
"GETEGID": syscall.SYS_GETEGID,
"GETTID": syscall.SYS_GETTID,
"SYSINFO": syscall.SYS_SYSINFO,
"MQ_OPEN": syscall.SYS_MQ_OPEN,
"MQ_UNLINK": syscall.SYS_MQ_UNLINK,
"MQ_TIMEDSEND": syscall.SYS_MQ_TIMEDSEND,
"MQ_TIMEDRECEIVE": syscall.SYS_MQ_TIMEDRECEIVE,
"MQ_NOTIFY": syscall.SYS_MQ_NOTIFY,
"MQ_GETSETATTR": syscall.SYS_MQ_GETSETATTR,
"MSGGET": syscall.SYS_MSGGET,
"MSGCTL": syscall.SYS_MSGCTL,
"MSGRCV": syscall.SYS_MSGRCV,
"MSGSND": syscall.SYS_MSGSND,
"SEMGET": syscall.SYS_SEMGET,
"SEMCTL": syscall.SYS_SEMCTL,
"SEMTIMEDOP": syscall.SYS_SEMTIMEDOP,
"SEMOP": syscall.SYS_SEMOP,
"SHMGET": syscall.SYS_SHMGET,
"SHMCTL": syscall.SYS_SHMCTL,
"SHMAT": syscall.SYS_SHMAT,
"SHMDT": syscall.SYS_SHMDT,
"SOCKET": syscall.SYS_SOCKET,
"SOCKETPAIR": syscall.SYS_SOCKETPAIR,
"BIND": syscall.SYS_BIND,
"LISTEN": syscall.SYS_LISTEN,
"ACCEPT": syscall.SYS_ACCEPT,
"CONNECT": syscall.SYS_CONNECT,
"GETSOCKNAME": syscall.SYS_GETSOCKNAME,
"GETPEERNAME": syscall.SYS_GETPEERNAME,
"SENDTO": syscall.SYS_SENDTO,
"RECVFROM": syscall.SYS_RECVFROM,
"SETSOCKOPT": syscall.SYS_SETSOCKOPT,
"GETSOCKOPT": syscall.SYS_GETSOCKOPT,
"SHUTDOWN": syscall.SYS_SHUTDOWN,
"SENDMSG": syscall.SYS_SENDMSG,
"RECVMSG": syscall.SYS_RECVMSG,
"READAHEAD": syscall.SYS_READAHEAD,
"BRK": syscall.SYS_BRK,
"MUNMAP": syscall.SYS_MUNMAP,
"MREMAP": syscall.SYS_MREMAP,
"ADD_KEY": syscall.SYS_ADD_KEY,
"REQUEST_KEY": syscall.SYS_REQUEST_KEY,
"KEYCTL": syscall.SYS_KEYCTL,
"CLONE": syscall.SYS_CLONE,
"EXECVE": syscall.SYS_EXECVE,
"MMAP": syscall.SYS_MMAP,
"FADVISE64": syscall.SYS_FADVISE64,
"SWAPON": syscall.SYS_SWAPON,
"SWAPOFF": syscall.SYS_SWAPOFF,
"MPROTECT": syscall.SYS_MPROTECT,
"MSYNC": syscall.SYS_MSYNC,
"MLOCK": syscall.SYS_MLOCK,
"MUNLOCK": syscall.SYS_MUNLOCK,
"MLOCKALL": syscall.SYS_MLOCKALL,
"MUNLOCKALL": syscall.SYS_MUNLOCKALL,
"MINCORE": syscall.SYS_MINCORE,
"MADVISE": syscall.SYS_MADVISE,
"REMAP_FILE_PAGES": syscall.SYS_REMAP_FILE_PAGES,
"MBIND": syscall.SYS_MBIND,
"GET_MEMPOLICY": syscall.SYS_GET_MEMPOLICY,
"SET_MEMPOLICY": syscall.SYS_SET_MEMPOLICY,
"MIGRATE_PAGES": syscall.SYS_MIGRATE_PAGES,
"MOVE_PAGES": syscall.SYS_MOVE_PAGES,
"RT_TGSIGQUEUEINFO": syscall.SYS_RT_TGSIGQUEUEINFO,
"PERF_EVENT_OPEN": syscall.SYS_PERF_EVENT_OPEN,
"ACCEPT4": syscall.SYS_ACCEPT4,
"RECVMMSG": syscall.SYS_RECVMMSG,
"ARCH_SPECIFIC_SYSCALL": syscall.SYS_ARCH_SPECIFIC_SYSCALL,
"WAIT4": syscall.SYS_WAIT4,
"PRLIMIT64": syscall.SYS_PRLIMIT64,
"FANOTIFY_INIT": syscall.SYS_FANOTIFY_INIT,
"FANOTIFY_MARK": syscall.SYS_FANOTIFY_MARK,
"NAME_TO_HANDLE_AT": syscall.SYS_NAME_TO_HANDLE_AT,
"OPEN_BY_HANDLE_AT": syscall.SYS_OPEN_BY_HANDLE_AT,
"CLOCK_ADJTIME": syscall.SYS_CLOCK_ADJTIME,
"SYNCFS": syscall.SYS_SYNCFS,
"SETNS": syscall.SYS_SETNS,
"SENDMMSG": syscall.SYS_SENDMMSG,
"PROCESS_VM_READV": syscall.SYS_PROCESS_VM_READV,
"PROCESS_VM_WRITEV": syscall.SYS_PROCESS_VM_WRITEV,
"KCMP": syscall.SYS_KCMP,
"FINIT_MODULE": syscall.SYS_FINIT_MODULE,
"SCHED_SETATTR": syscall.SYS_SCHED_SETATTR,
"SCHED_GETATTR": syscall.SYS_SCHED_GETATTR,
"RENAMEAT2": syscall.SYS_RENAMEAT2,
"SECCOMP": syscall.SYS_SECCOMP,
"GETRANDOM": syscall.SYS_GETRANDOM,
"MEMFD_CREATE": syscall.SYS_MEMFD_CREATE,
"BPF": syscall.SYS_BPF,
"EXECVEAT": syscall.SYS_EXECVEAT,
}
var SyscallMapMin = map[string]int{
"WRITE": syscall.SYS_WRITE,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"FUTEX": syscall.SYS_FUTEX,
}
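Review bot: The `SECCOMP_RET_*`, `SECCOMP_MODE_FILTER` and `PR_SET_NO_NEW_PRIVS` constants at the head of this arm64 file are byte-identical to the ones in the arm and ppc64 tables; they are kernel ABI values that do not vary by architecture, so a per-arch copy only creates room for drift if one is ever corrected. I'd move them into one `// +build linux` file in the package and leave the per-arch files holding only `SyscallMap` and `SyscallMapMin`. `SECCOMP_RET_KILL = 0x00000000` also deserves a doc comment, since on the kernels of this era it terminates only the calling thread, not the whole process: `// SECCOMP_RET_KILL terminates the offending thread; other threads of the process keep running.`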


@ -0,0 +1,370 @@
// +build linux
// +build ppc64
package seccomp
import (
"syscall"
)
const (
SECCOMP_RET_KILL = 0x00000000
SECCOMP_RET_TRAP = 0x00030000
SECCOMP_RET_ALLOW = 0x7fff0000
SECCOMP_MODE_FILTER = 0x2
PR_SET_NO_NEW_PRIVS = 0x26
)
var SyscallMap = map[string]uint32{
"RESTART_SYSCALL": syscall.SYS_RESTART_SYSCALL,
"EXIT": syscall.SYS_EXIT,
"FORK": syscall.SYS_FORK,
"READ": syscall.SYS_READ,
"WRITE": syscall.SYS_WRITE,
"OPEN": syscall.SYS_OPEN,
"CLOSE": syscall.SYS_CLOSE,
"WAITPID": syscall.SYS_WAITPID,
"CREAT": syscall.SYS_CREAT,
"LINK": syscall.SYS_LINK,
"UNLINK": syscall.SYS_UNLINK,
"EXECVE": syscall.SYS_EXECVE,
"CHDIR": syscall.SYS_CHDIR,
"TIME": syscall.SYS_TIME,
"MKNOD": syscall.SYS_MKNOD,
"CHMOD": syscall.SYS_CHMOD,
"LCHOWN": syscall.SYS_LCHOWN,
"BREAK": syscall.SYS_BREAK,
"OLDSTAT": syscall.SYS_OLDSTAT,
"LSEEK": syscall.SYS_LSEEK,
"GETPID": syscall.SYS_GETPID,
"MOUNT": syscall.SYS_MOUNT,
"UMOUNT": syscall.SYS_UMOUNT,
"SETUID": syscall.SYS_SETUID,
"GETUID": syscall.SYS_GETUID,
"STIME": syscall.SYS_STIME,
"PTRACE": syscall.SYS_PTRACE,
"ALARM": syscall.SYS_ALARM,
"OLDFSTAT": syscall.SYS_OLDFSTAT,
"PAUSE": syscall.SYS_PAUSE,
"UTIME": syscall.SYS_UTIME,
"STTY": syscall.SYS_STTY,
"GTTY": syscall.SYS_GTTY,
"ACCESS": syscall.SYS_ACCESS,
"NICE": syscall.SYS_NICE,
"FTIME": syscall.SYS_FTIME,
"SYNC": syscall.SYS_SYNC,
"KILL": syscall.SYS_KILL,
"RENAME": syscall.SYS_RENAME,
"MKDIR": syscall.SYS_MKDIR,
"RMDIR": syscall.SYS_RMDIR,
"DUP": syscall.SYS_DUP,
"PIPE": syscall.SYS_PIPE,
"TIMES": syscall.SYS_TIMES,
"PROF": syscall.SYS_PROF,
"BRK": syscall.SYS_BRK,
"SETGID": syscall.SYS_SETGID,
"GETGID": syscall.SYS_GETGID,
"SIGNAL": syscall.SYS_SIGNAL,
"GETEUID": syscall.SYS_GETEUID,
"GETEGID": syscall.SYS_GETEGID,
"ACCT": syscall.SYS_ACCT,
"UMOUNT2": syscall.SYS_UMOUNT2,
"LOCK": syscall.SYS_LOCK,
"IOCTL": syscall.SYS_IOCTL,
"FCNTL": syscall.SYS_FCNTL,
"MPX": syscall.SYS_MPX,
"SETPGID": syscall.SYS_SETPGID,
"ULIMIT": syscall.SYS_ULIMIT,
"OLDOLDUNAME": syscall.SYS_OLDOLDUNAME,
"UMASK": syscall.SYS_UMASK,
"CHROOT": syscall.SYS_CHROOT,
"USTAT": syscall.SYS_USTAT,
"DUP2": syscall.SYS_DUP2,
"GETPPID": syscall.SYS_GETPPID,
"GETPGRP": syscall.SYS_GETPGRP,
"SETSID": syscall.SYS_SETSID,
"SIGACTION": syscall.SYS_SIGACTION,
"SGETMASK": syscall.SYS_SGETMASK,
"SSETMASK": syscall.SYS_SSETMASK,
"SETREUID": syscall.SYS_SETREUID,
"SETREGID": syscall.SYS_SETREGID,
"SIGSUSPEND": syscall.SYS_SIGSUSPEND,
"SIGPENDING": syscall.SYS_SIGPENDING,
"SETHOSTNAME": syscall.SYS_SETHOSTNAME,
"SETRLIMIT": syscall.SYS_SETRLIMIT,
"GETRLIMIT": syscall.SYS_GETRLIMIT,
"GETRUSAGE": syscall.SYS_GETRUSAGE,
"GETTIMEOFDAY": syscall.SYS_GETTIMEOFDAY,
"SETTIMEOFDAY": syscall.SYS_SETTIMEOFDAY,
"GETGROUPS": syscall.SYS_GETGROUPS,
"SETGROUPS": syscall.SYS_SETGROUPS,
"SELECT": syscall.SYS_SELECT,
"SYMLINK": syscall.SYS_SYMLINK,
"OLDLSTAT": syscall.SYS_OLDLSTAT,
"READLINK": syscall.SYS_READLINK,
"USELIB": syscall.SYS_USELIB,
"SWAPON": syscall.SYS_SWAPON,
"REBOOT": syscall.SYS_REBOOT,
"READDIR": syscall.SYS_READDIR,
"MMAP": syscall.SYS_MMAP,
"MUNMAP": syscall.SYS_MUNMAP,
"TRUNCATE": syscall.SYS_TRUNCATE,
"FTRUNCATE": syscall.SYS_FTRUNCATE,
"FCHMOD": syscall.SYS_FCHMOD,
"FCHOWN": syscall.SYS_FCHOWN,
"GETPRIORITY": syscall.SYS_GETPRIORITY,
"SETPRIORITY": syscall.SYS_SETPRIORITY,
"PROFIL": syscall.SYS_PROFIL,
"STATFS": syscall.SYS_STATFS,
"FSTATFS": syscall.SYS_FSTATFS,
"IOPERM": syscall.SYS_IOPERM,
"SOCKETCALL": syscall.SYS_SOCKETCALL,
"SYSLOG": syscall.SYS_SYSLOG,
"SETITIMER": syscall.SYS_SETITIMER,
"GETITIMER": syscall.SYS_GETITIMER,
"STAT": syscall.SYS_STAT,
"LSTAT": syscall.SYS_LSTAT,
"FSTAT": syscall.SYS_FSTAT,
"OLDUNAME": syscall.SYS_OLDUNAME,
"IOPL": syscall.SYS_IOPL,
"VHANGUP": syscall.SYS_VHANGUP,
"IDLE": syscall.SYS_IDLE,
"VM86": syscall.SYS_VM86,
"WAIT4": syscall.SYS_WAIT4,
"SWAPOFF": syscall.SYS_SWAPOFF,
"SYSINFO": syscall.SYS_SYSINFO,
"IPC": syscall.SYS_IPC,
"FSYNC": syscall.SYS_FSYNC,
"SIGRETURN": syscall.SYS_SIGRETURN,
"CLONE": syscall.SYS_CLONE,
"SETDOMAINNAME": syscall.SYS_SETDOMAINNAME,
"UNAME": syscall.SYS_UNAME,
"MODIFY_LDT": syscall.SYS_MODIFY_LDT,
"ADJTIMEX": syscall.SYS_ADJTIMEX,
"MPROTECT": syscall.SYS_MPROTECT,
"SIGPROCMASK": syscall.SYS_SIGPROCMASK,
"CREATE_MODULE": syscall.SYS_CREATE_MODULE,
"INIT_MODULE": syscall.SYS_INIT_MODULE,
"DELETE_MODULE": syscall.SYS_DELETE_MODULE,
"GET_KERNEL_SYMS": syscall.SYS_GET_KERNEL_SYMS,
"QUOTACTL": syscall.SYS_QUOTACTL,
"GETPGID": syscall.SYS_GETPGID,
"FCHDIR": syscall.SYS_FCHDIR,
"BDFLUSH": syscall.SYS_BDFLUSH,
"SYSFS": syscall.SYS_SYSFS,
"PERSONALITY": syscall.SYS_PERSONALITY,
"AFS_SYSCALL": syscall.SYS_AFS_SYSCALL,
"SETFSUID": syscall.SYS_SETFSUID,
"SETFSGID": syscall.SYS_SETFSGID,
"_LLSEEK": syscall.SYS__LLSEEK,
"GETDENTS": syscall.SYS_GETDENTS,
"_NEWSELECT": syscall.SYS__NEWSELECT,
"FLOCK": syscall.SYS_FLOCK,
"MSYNC": syscall.SYS_MSYNC,
"READV": syscall.SYS_READV,
"WRITEV": syscall.SYS_WRITEV,
"GETSID": syscall.SYS_GETSID,
"FDATASYNC": syscall.SYS_FDATASYNC,
"_SYSCTL": syscall.SYS__SYSCTL,
"MLOCK": syscall.SYS_MLOCK,
"MUNLOCK": syscall.SYS_MUNLOCK,
"MLOCKALL": syscall.SYS_MLOCKALL,
"MUNLOCKALL": syscall.SYS_MUNLOCKALL,
"SCHED_SETPARAM": syscall.SYS_SCHED_SETPARAM,
"SCHED_GETPARAM": syscall.SYS_SCHED_GETPARAM,
"SCHED_SETSCHEDULER": syscall.SYS_SCHED_SETSCHEDULER,
"SCHED_GETSCHEDULER": syscall.SYS_SCHED_GETSCHEDULER,
"SCHED_YIELD": syscall.SYS_SCHED_YIELD,
"SCHED_GET_PRIORITY_MAX": syscall.SYS_SCHED_GET_PRIORITY_MAX,
"SCHED_GET_PRIORITY_MIN": syscall.SYS_SCHED_GET_PRIORITY_MIN,
"SCHED_RR_GET_INTERVAL": syscall.SYS_SCHED_RR_GET_INTERVAL,
"NANOSLEEP": syscall.SYS_NANOSLEEP,
"MREMAP": syscall.SYS_MREMAP,
"SETRESUID": syscall.SYS_SETRESUID,
"GETRESUID": syscall.SYS_GETRESUID,
"QUERY_MODULE": syscall.SYS_QUERY_MODULE,
"POLL": syscall.SYS_POLL,
"NFSSERVCTL": syscall.SYS_NFSSERVCTL,
"SETRESGID": syscall.SYS_SETRESGID,
"GETRESGID": syscall.SYS_GETRESGID,
"PRCTL": syscall.SYS_PRCTL,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"RT_SIGACTION": syscall.SYS_RT_SIGACTION,
"RT_SIGPROCMASK": syscall.SYS_RT_SIGPROCMASK,
"RT_SIGPENDING": syscall.SYS_RT_SIGPENDING,
"RT_SIGTIMEDWAIT": syscall.SYS_RT_SIGTIMEDWAIT,
"RT_SIGQUEUEINFO": syscall.SYS_RT_SIGQUEUEINFO,
"RT_SIGSUSPEND": syscall.SYS_RT_SIGSUSPEND,
"PREAD64": syscall.SYS_PREAD64,
"PWRITE64": syscall.SYS_PWRITE64,
"CHOWN": syscall.SYS_CHOWN,
"GETCWD": syscall.SYS_GETCWD,
"CAPGET": syscall.SYS_CAPGET,
"CAPSET": syscall.SYS_CAPSET,
"SIGALTSTACK": syscall.SYS_SIGALTSTACK,
"SENDFILE": syscall.SYS_SENDFILE,
"GETPMSG": syscall.SYS_GETPMSG,
"PUTPMSG": syscall.SYS_PUTPMSG,
"VFORK": syscall.SYS_VFORK,
"UGETRLIMIT": syscall.SYS_UGETRLIMIT,
"READAHEAD": syscall.SYS_READAHEAD,
"PCICONFIG_READ": syscall.SYS_PCICONFIG_READ,
"PCICONFIG_WRITE": syscall.SYS_PCICONFIG_WRITE,
"PCICONFIG_IOBASE": syscall.SYS_PCICONFIG_IOBASE,
"MULTIPLEXER": syscall.SYS_MULTIPLEXER,
"GETDENTS64": syscall.SYS_GETDENTS64,
"PIVOT_ROOT": syscall.SYS_PIVOT_ROOT,
"MADVISE": syscall.SYS_MADVISE,
"MINCORE": syscall.SYS_MINCORE,
"GETTID": syscall.SYS_GETTID,
"TKILL": syscall.SYS_TKILL,
"SETXATTR": syscall.SYS_SETXATTR,
"LSETXATTR": syscall.SYS_LSETXATTR,
"FSETXATTR": syscall.SYS_FSETXATTR,
"GETXATTR": syscall.SYS_GETXATTR,
"LGETXATTR": syscall.SYS_LGETXATTR,
"FGETXATTR": syscall.SYS_FGETXATTR,
"LISTXATTR": syscall.SYS_LISTXATTR,
"LLISTXATTR": syscall.SYS_LLISTXATTR,
"FLISTXATTR": syscall.SYS_FLISTXATTR,
"REMOVEXATTR": syscall.SYS_REMOVEXATTR,
"LREMOVEXATTR": syscall.SYS_LREMOVEXATTR,
"FREMOVEXATTR": syscall.SYS_FREMOVEXATTR,
"FUTEX": syscall.SYS_FUTEX,
"SCHED_SETAFFINITY": syscall.SYS_SCHED_SETAFFINITY,
"SCHED_GETAFFINITY": syscall.SYS_SCHED_GETAFFINITY,
"TUXCALL": syscall.SYS_TUXCALL,
"IO_SETUP": syscall.SYS_IO_SETUP,
"IO_DESTROY": syscall.SYS_IO_DESTROY,
"IO_GETEVENTS": syscall.SYS_IO_GETEVENTS,
"IO_SUBMIT": syscall.SYS_IO_SUBMIT,
"IO_CANCEL": syscall.SYS_IO_CANCEL,
"SET_TID_ADDRESS": syscall.SYS_SET_TID_ADDRESS,
"FADVISE64": syscall.SYS_FADVISE64,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"LOOKUP_DCOOKIE": syscall.SYS_LOOKUP_DCOOKIE,
"EPOLL_CREATE": syscall.SYS_EPOLL_CREATE,
"EPOLL_CTL": syscall.SYS_EPOLL_CTL,
"EPOLL_WAIT": syscall.SYS_EPOLL_WAIT,
"REMAP_FILE_PAGES": syscall.SYS_REMAP_FILE_PAGES,
"TIMER_CREATE": syscall.SYS_TIMER_CREATE,
"TIMER_SETTIME": syscall.SYS_TIMER_SETTIME,
"TIMER_GETTIME": syscall.SYS_TIMER_GETTIME,
"TIMER_GETOVERRUN": syscall.SYS_TIMER_GETOVERRUN,
"TIMER_DELETE": syscall.SYS_TIMER_DELETE,
"CLOCK_SETTIME": syscall.SYS_CLOCK_SETTIME,
"CLOCK_GETTIME": syscall.SYS_CLOCK_GETTIME,
"CLOCK_GETRES": syscall.SYS_CLOCK_GETRES,
"CLOCK_NANOSLEEP": syscall.SYS_CLOCK_NANOSLEEP,
"SWAPCONTEXT": syscall.SYS_SWAPCONTEXT,
"TGKILL": syscall.SYS_TGKILL,
"UTIMES": syscall.SYS_UTIMES,
"STATFS64": syscall.SYS_STATFS64,
"FSTATFS64": syscall.SYS_FSTATFS64,
"RTAS": syscall.SYS_RTAS,
"SYS_DEBUG_SETCONTEXT": syscall.SYS_SYS_DEBUG_SETCONTEXT,
"MIGRATE_PAGES": syscall.SYS_MIGRATE_PAGES,
"MBIND": syscall.SYS_MBIND,
"GET_MEMPOLICY": syscall.SYS_GET_MEMPOLICY,
"SET_MEMPOLICY": syscall.SYS_SET_MEMPOLICY,
"MQ_OPEN": syscall.SYS_MQ_OPEN,
"MQ_UNLINK": syscall.SYS_MQ_UNLINK,
"MQ_TIMEDSEND": syscall.SYS_MQ_TIMEDSEND,
"MQ_TIMEDRECEIVE": syscall.SYS_MQ_TIMEDRECEIVE,
"MQ_NOTIFY": syscall.SYS_MQ_NOTIFY,
"MQ_GETSETATTR": syscall.SYS_MQ_GETSETATTR,
"KEXEC_LOAD": syscall.SYS_KEXEC_LOAD,
"ADD_KEY": syscall.SYS_ADD_KEY,
"REQUEST_KEY": syscall.SYS_REQUEST_KEY,
"KEYCTL": syscall.SYS_KEYCTL,
"WAITID": syscall.SYS_WAITID,
"IOPRIO_SET": syscall.SYS_IOPRIO_SET,
"IOPRIO_GET": syscall.SYS_IOPRIO_GET,
"INOTIFY_INIT": syscall.SYS_INOTIFY_INIT,
"INOTIFY_ADD_WATCH": syscall.SYS_INOTIFY_ADD_WATCH,
"INOTIFY_RM_WATCH": syscall.SYS_INOTIFY_RM_WATCH,
"SPU_RUN": syscall.SYS_SPU_RUN,
"SPU_CREATE": syscall.SYS_SPU_CREATE,
"PSELECT6": syscall.SYS_PSELECT6,
"PPOLL": syscall.SYS_PPOLL,
"UNSHARE": syscall.SYS_UNSHARE,
"SPLICE": syscall.SYS_SPLICE,
"TEE": syscall.SYS_TEE,
"VMSPLICE": syscall.SYS_VMSPLICE,
"OPENAT": syscall.SYS_OPENAT,
"MKDIRAT": syscall.SYS_MKDIRAT,
"MKNODAT": syscall.SYS_MKNODAT,
"FCHOWNAT": syscall.SYS_FCHOWNAT,
"FUTIMESAT": syscall.SYS_FUTIMESAT,
"NEWFSTATAT": syscall.SYS_NEWFSTATAT,
"UNLINKAT": syscall.SYS_UNLINKAT,
"RENAMEAT": syscall.SYS_RENAMEAT,
"LINKAT": syscall.SYS_LINKAT,
"SYMLINKAT": syscall.SYS_SYMLINKAT,
"READLINKAT": syscall.SYS_READLINKAT,
"FCHMODAT": syscall.SYS_FCHMODAT,
"FACCESSAT": syscall.SYS_FACCESSAT,
"GET_ROBUST_LIST": syscall.SYS_GET_ROBUST_LIST,
"SET_ROBUST_LIST": syscall.SYS_SET_ROBUST_LIST,
"MOVE_PAGES": syscall.SYS_MOVE_PAGES,
"GETCPU": syscall.SYS_GETCPU,
"EPOLL_PWAIT": syscall.SYS_EPOLL_PWAIT,
"UTIMENSAT": syscall.SYS_UTIMENSAT,
"SIGNALFD": syscall.SYS_SIGNALFD,
"TIMERFD_CREATE": syscall.SYS_TIMERFD_CREATE,
"EVENTFD": syscall.SYS_EVENTFD,
"SYNC_FILE_RANGE2": syscall.SYS_SYNC_FILE_RANGE2,
"FALLOCATE": syscall.SYS_FALLOCATE,
"SUBPAGE_PROT": syscall.SYS_SUBPAGE_PROT,
"TIMERFD_SETTIME": syscall.SYS_TIMERFD_SETTIME,
"TIMERFD_GETTIME": syscall.SYS_TIMERFD_GETTIME,
"SIGNALFD4": syscall.SYS_SIGNALFD4,
"EVENTFD2": syscall.SYS_EVENTFD2,
"EPOLL_CREATE1": syscall.SYS_EPOLL_CREATE1,
"DUP3": syscall.SYS_DUP3,
"PIPE2": syscall.SYS_PIPE2,
"INOTIFY_INIT1": syscall.SYS_INOTIFY_INIT1,
"PERF_EVENT_OPEN": syscall.SYS_PERF_EVENT_OPEN,
"PREADV": syscall.SYS_PREADV,
"PWRITEV": syscall.SYS_PWRITEV,
"RT_TGSIGQUEUEINFO": syscall.SYS_RT_TGSIGQUEUEINFO,
"FANOTIFY_INIT": syscall.SYS_FANOTIFY_INIT,
"FANOTIFY_MARK": syscall.SYS_FANOTIFY_MARK,
"PRLIMIT64": syscall.SYS_PRLIMIT64,
"SOCKET": syscall.SYS_SOCKET,
"BIND": syscall.SYS_BIND,
"CONNECT": syscall.SYS_CONNECT,
"LISTEN": syscall.SYS_LISTEN,
"ACCEPT": syscall.SYS_ACCEPT,
"GETSOCKNAME": syscall.SYS_GETSOCKNAME,
"GETPEERNAME": syscall.SYS_GETPEERNAME,
"SOCKETPAIR": syscall.SYS_SOCKETPAIR,
"SEND": syscall.SYS_SEND,
"SENDTO": syscall.SYS_SENDTO,
"RECV": syscall.SYS_RECV,
"RECVFROM": syscall.SYS_RECVFROM,
"SHUTDOWN": syscall.SYS_SHUTDOWN,
"SETSOCKOPT": syscall.SYS_SETSOCKOPT,
"GETSOCKOPT": syscall.SYS_GETSOCKOPT,
"SENDMSG": syscall.SYS_SENDMSG,
"RECVMSG": syscall.SYS_RECVMSG,
"RECVMMSG": syscall.SYS_RECVMMSG,
"ACCEPT4": syscall.SYS_ACCEPT4,
"NAME_TO_HANDLE_AT": syscall.SYS_NAME_TO_HANDLE_AT,
"OPEN_BY_HANDLE_AT": syscall.SYS_OPEN_BY_HANDLE_AT,
"CLOCK_ADJTIME": syscall.SYS_CLOCK_ADJTIME,
"SYNCFS": syscall.SYS_SYNCFS,
"SENDMMSG": syscall.SYS_SENDMMSG,
"SETNS": syscall.SYS_SETNS,
"PROCESS_VM_READV": syscall.SYS_PROCESS_VM_READV,
"PROCESS_VM_WRITEV": syscall.SYS_PROCESS_VM_WRITEV,
"FINIT_MODULE": syscall.SYS_FINIT_MODULE,
"KCMP": syscall.SYS_KCMP,
}
var SyscallMapMin = map[string]int{
"WRITE": syscall.SYS_WRITE,
"RT_SIGRETURN": syscall.SYS_RT_SIGRETURN,
"EXIT_GROUP": syscall.SYS_EXIT_GROUP,
"FUTEX": syscall.SYS_FUTEX,
}


@ -99,5 +99,8 @@ func (l *linuxStandardInit) Init() error {
if syscall.Getppid() != l.parentPid {
return syscall.Kill(syscall.Getpid(), syscall.SIGKILL)
}
if err := finalizeSeccomp(l.config); err != nil {
return err
}
return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ())
}
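Review bot: The new `finalizeSeccomp(l.config)` call runs for every container whether or not the config lists any syscalls, so unless finalizeSeccomp itself returns early on an empty list, every container now gets a seccomp filter (and, if the loader also sets `PR_SET_NO_NEW_PRIVS`, loses setuid semantics) that nobody asked for. I'd gate it at the call site, `if len(l.config.Config.SysCalls) > 0 {`, or on an explicit enable flag in the config, so existing configurations keep their current behaviour. The bare `return err` also gives the caller no way to tell a filter-load failure from anything else failing in Init; wrapping it, `return fmt.Errorf("seccomp: %v", err)`, would help the operator. Placing the call immediately before Execv is the right spot, since the filter then does not have to admit the setup work above it. Init's body starts outside this hunk.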