# Assigns each system call to one or more groups. In the future, this may also include simple argument filtering.
read EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
write EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
open EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
close EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
stat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
lstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
poll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
lseek EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
mmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
mprotect EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
munmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
brk EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigaction EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigprocmask EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigreturn EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
ioctl EXILE_SYSCGROUP_IOCTL,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
pread64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
pwrite64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
readv EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
writev EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
access EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
pipe EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
select EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
sched_yield EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
mremap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
msync EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
mincore EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
madvise EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
shmget EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
shmat EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
shmctl EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
dup EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
dup2 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
pause EXILE_SYSCGROUP_PAUSE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
nanosleep EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
alarm EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getpid EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
sendfile EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
socket EXILE_SYSCGROUP_SOCKET
|
|
|
|
connect EXILE_SYSCGROUP_SOCKET
|
|
|
|
accept EXILE_SYSCGROUP_SOCKET
|
|
|
|
sendto EXILE_SYSCGROUP_SOCKET
|
|
|
|
recvfrom EXILE_SYSCGROUP_SOCKET
|
|
|
|
sendmsg EXILE_SYSCGROUP_SOCKET
|
|
|
|
recvmsg EXILE_SYSCGROUP_SOCKET
|
|
|
|
shutdown EXILE_SYSCGROUP_SOCKET
|
|
|
|
bind EXILE_SYSCGROUP_SOCKET
|
|
|
|
listen EXILE_SYSCGROUP_SOCKET
|
|
|
|
getsockname EXILE_SYSCGROUP_SOCKET
|
|
|
|
getpeername EXILE_SYSCGROUP_SOCKET
|
|
|
|
socketpair EXILE_SYSCGROUP_SOCKET,EXILE_SYSCGROUP_IPC
|
|
|
|
setsockopt EXILE_SYSCGROUP_SOCKET
|
|
|
|
getsockopt EXILE_SYSCGROUP_SOCKET
|
|
|
|
clone EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
fork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
vfork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
execve EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_EXEC
|
|
|
|
exit EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
wait4 EXILE_SYSCGROUP_EXEC
|
|
|
|
kill EXILE_SYSCGROUP_KILL
|
|
|
|
uname EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
semget EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
semop EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
semctl EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
shmdt EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
msgget EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
msgsnd EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
msgrcv EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
msgctl EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
fcntl EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
flock EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
fsync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
fdatasync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
truncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
ftruncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
getdents EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
getcwd EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
chdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fchdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
rename EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
mkdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
rmdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
creat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
link EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
unlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
symlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
readlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
chmod EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
# NOTE(review): chmod and fchmodat are grouped under EXILE_SYSCGROUP_PERMS, but
# fchmod is under EXILE_SYSCGROUP_PATH. A policy that denies the PERMS group would
# therefore not cover fchmod -- confirm whether this grouping is intended.
fchmod EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
chown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
lchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
umask EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
gettimeofday EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getrlimit EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getrusage EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
sysinfo EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
times EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
# NOTE(review): ptrace is part of EXILE_SYSCGROUP_DEFAULT_ALLOW, while
# process_vm_readv/process_vm_writev are kept in EXILE_SYSCGROUP_NONE. ptrace lets
# a process inspect and modify other processes it is permitted to trace, so
# confirm that having it in the default-allow group is intended.
ptrace EXILE_SYSCGROUP_PTRACE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
syslog EXILE_SYSCGROUP_SYS
|
|
|
|
getgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setuid EXILE_SYSCGROUP_ID
|
|
|
|
setgid EXILE_SYSCGROUP_ID
|
|
|
|
geteuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getegid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setpgid EXILE_SYSCGROUP_ID
|
|
|
|
getppid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getpgrp EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setsid EXILE_SYSCGROUP_ID
|
|
|
|
setreuid EXILE_SYSCGROUP_ID
|
|
|
|
setregid EXILE_SYSCGROUP_ID
|
|
|
|
getgroups EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setgroups EXILE_SYSCGROUP_ID
|
|
|
|
setresuid EXILE_SYSCGROUP_ID
|
|
|
|
getresuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setresgid EXILE_SYSCGROUP_ID
|
|
|
|
getresgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
getpgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
setfsuid EXILE_SYSCGROUP_ID
|
|
|
|
setfsgid EXILE_SYSCGROUP_ID
|
|
|
|
getsid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
capget EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
capset EXILE_SYSCGROUP_ID
|
|
|
|
rt_sigpending EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigtimedwait EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigqueueinfo EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
rt_sigsuspend EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
sigaltstack EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
|
|
|
|
utime EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_FS
|
|
|
|
mknod EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_FS
|
|
|
|
uselib EXILE_SYSCGROUP_LIB,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
personality EXILE_SYSCGROUP_PROCESS
|
|
|
|
ustat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
|
|
statfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
|
|
fstatfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
|
|
sysfs EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_FS
|
|
|
|
getpriority EXILE_SYSCGROUP_SCHED
|
|
|
|
setpriority EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_setparam EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_getparam EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_setscheduler EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_getscheduler EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_get_priority_max EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_get_priority_min EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_rr_get_interval EXILE_SYSCGROUP_SCHED
|
|
|
|
mlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
munlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
mlockall EXILE_SYSCGROUP_MEMORY
|
|
|
|
munlockall EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
vhangup EXILE_SYSCGROUP_TTY
|
|
|
|
modify_ldt EXILE_SYSCGROUP_PROCESS
|
|
|
|
pivot_root EXILE_SYSCGROUP_CHROOT
|
|
|
|
_sysctl EXILE_SYSCGROUP_SYS
|
|
|
|
prctl EXILE_SYSCGROUP_PROCESS
|
|
|
|
arch_prctl EXILE_SYSCGROUP_PROCESS
|
|
|
|
adjtimex EXILE_SYSCGROUP_CLOCK
|
|
|
|
setrlimit EXILE_SYSCGROUP_RES
|
|
|
|
chroot EXILE_SYSCGROUP_CHROOT,EXILE_SYSCGROUP_FS
|
|
|
|
sync EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
acct EXILE_SYSCGROUP_PROCESS
|
|
|
|
settimeofday EXILE_SYSCGROUP_TIME
|
|
|
|
mount EXILE_SYSCGROUP_MOUNT,EXILE_SYSCGROUP_FS
|
|
|
|
umount2 EXILE_SYSCGROUP_UMOUNT,EXILE_SYSCGROUP_FS
|
|
|
|
swapon EXILE_SYSCGROUP_SWAP
|
|
|
|
swapoff EXILE_SYSCGROUP_SWAP
|
|
|
|
reboot EXILE_SYSCGROUP_POWER
|
|
|
|
sethostname EXILE_SYSCGROUP_HOST
|
|
|
|
setdomainname EXILE_SYSCGROUP_HOST
|
|
|
|
iopl EXILE_SYSCGROUP_IOPL
|
|
|
|
ioperm EXILE_SYSCGROUP_IOPL
|
|
|
|
create_module EXILE_SYSCGROUP_KMOD
|
|
|
|
init_module EXILE_SYSCGROUP_KMOD
|
|
|
|
delete_module EXILE_SYSCGROUP_KMOD
|
|
|
|
get_kernel_syms EXILE_SYSCGROUP_KMOD
|
|
|
|
query_module EXILE_SYSCGROUP_KMOD
|
|
|
|
quotactl EXILE_SYSCGROUP_QUOTA
|
|
|
|
nfsservctl EXILE_SYSCGROUP_NONE
|
|
|
|
getpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
putpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
afs_syscall EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
tuxcall EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
security EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
gettid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_THREAD
|
|
|
|
readahead EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
|
|
setxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
lsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
fsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
getxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
lgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
listxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
llistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
flistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
removexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
lremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
fremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
|
|
tkill EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
|
|
|
|
time EXILE_SYSCGROUP_TIME
|
|
|
|
futex EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_FUTEX
|
|
|
|
sched_setaffinity EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_getaffinity EXILE_SYSCGROUP_SCHED
|
|
|
|
set_thread_area EXILE_SYSCGROUP_THREAD
|
|
|
|
io_setup EXILE_SYSCGROUP_IO
|
|
|
|
io_destroy EXILE_SYSCGROUP_IO
|
|
|
|
io_getevents EXILE_SYSCGROUP_IO
|
|
|
|
io_submit EXILE_SYSCGROUP_IO
|
|
|
|
io_cancel EXILE_SYSCGROUP_IO
|
|
|
|
get_thread_area EXILE_SYSCGROUP_THREAD
|
|
|
|
lookup_dcookie EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
|
|
|
|
epoll_create EXILE_SYSCGROUP_STDIO
|
|
|
|
epoll_ctl_old EXILE_SYSCGROUP_STDIO
|
|
|
|
epoll_wait_old EXILE_SYSCGROUP_STDIO
|
|
|
|
remap_file_pages EXILE_SYSCGROUP_NONE
|
|
|
|
getdents64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
|
|
|
|
set_tid_address EXILE_SYSCGROUP_THREAD
|
|
|
|
restart_syscall EXILE_SYSCGROUP_SYSCALL
|
|
|
|
semtimedop EXILE_SYSCGROUP_SEM
|
|
|
|
fadvise64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
|
|
|
|
timer_create EXILE_SYSCGROUP_TIMER
|
|
|
|
timer_settime EXILE_SYSCGROUP_TIMER
|
|
|
|
timer_gettime EXILE_SYSCGROUP_TIMER
|
|
|
|
timer_getoverrun EXILE_SYSCGROUP_TIMER
|
|
|
|
timer_delete EXILE_SYSCGROUP_TIMER
|
|
|
|
clock_settime EXILE_SYSCGROUP_TIME
|
|
|
|
clock_gettime EXILE_SYSCGROUP_TIME
|
|
|
|
clock_getres EXILE_SYSCGROUP_TIME
|
|
|
|
clock_nanosleep EXILE_SYSCGROUP_TIME
|
|
|
|
exit_group EXILE_SYSCGROUP_EXIT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
epoll_wait EXILE_SYSCGROUP_FD
|
|
|
|
epoll_ctl EXILE_SYSCGROUP_FD
|
|
|
|
tgkill EXILE_SYSCGROUP_SIGNAL,EXILE_SYSCGROUP_THREAD
|
|
|
|
utimes EXILE_SYSCGROUP_PATH
|
|
|
|
vserver EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
|
|
mbind EXILE_SYSCGROUP_MEMORY
|
|
|
|
set_mempolicy EXILE_SYSCGROUP_MEMORY
|
|
|
|
get_mempolicy EXILE_SYSCGROUP_MEMORY
|
|
|
|
mq_open EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
mq_unlink EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
mq_timedsend EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
mq_timedreceive EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
mq_notify EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
mq_getsetattr EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
|
|
kexec_load EXILE_SYSCGROUP_KEXEC
|
|
|
|
waitid EXILE_SYSCGROUP_SIGNAL
|
|
|
|
add_key EXILE_SYSCGROUP_KEYS
|
|
|
|
request_key EXILE_SYSCGROUP_KEYS
|
|
|
|
keyctl EXILE_SYSCGROUP_KEYS
|
|
|
|
ioprio_set EXILE_SYSCGROUP_PRIO
|
|
|
|
ioprio_get EXILE_SYSCGROUP_PRIO
|
|
|
|
inotify_init EXILE_SYSCGROUP_INOTIFY
|
|
|
|
inotify_add_watch EXILE_SYSCGROUP_INOTIFY
|
|
|
|
inotify_rm_watch EXILE_SYSCGROUP_INOTIFY
|
|
|
|
migrate_pages EXILE_SYSCGROUP_PROCESS
|
|
|
|
openat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
mkdirat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
# NOTE(review): mknod is listed as EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_FS without
# EXILE_SYSCGROUP_DEFAULT_ALLOW, but mknodat carries DEFAULT_ALLOW. The two calls
# create the same kinds of nodes, so confirm the difference is intended.
mknodat EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fchownat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
futimesat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
newfstatat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
unlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
renameat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
linkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
symlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
readlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
fchmodat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
faccessat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
pselect6 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
ppoll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
|
|
unshare EXILE_SYSCGROUP_NS,EXILE_SYSCGROUP_FS
|
|
|
|
set_robust_list EXILE_SYSCGROUP_FUTEX
|
|
|
|
get_robust_list EXILE_SYSCGROUP_FUTEX
|
|
|
|
splice EXILE_SYSCGROUP_FD
|
|
|
|
tee EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
sync_file_range EXILE_SYSCGROUP_FD
|
|
|
|
vmsplice EXILE_SYSCGROUP_FD
|
|
|
|
move_pages EXILE_SYSCGROUP_PROCESS
|
|
|
|
utimensat EXILE_SYSCGROUP_PATH
|
|
|
|
epoll_pwait EXILE_SYSCGROUP_STDIO
|
|
|
|
signalfd EXILE_SYSCGROUP_SIGNAL
|
|
|
|
timerfd_create EXILE_SYSCGROUP_TIMER
|
|
|
|
eventfd EXILE_SYSCGROUP_FD
|
|
|
|
fallocate EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
|
|
|
|
timerfd_settime EXILE_SYSCGROUP_TIMER
|
|
|
|
timerfd_gettime EXILE_SYSCGROUP_TIMER
|
|
|
|
accept4 EXILE_SYSCGROUP_SOCKET
|
|
|
|
signalfd4 EXILE_SYSCGROUP_FD
|
|
|
|
eventfd2 EXILE_SYSCGROUP_FD
|
|
|
|
epoll_create1 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
dup3 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
pipe2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
inotify_init1 EXILE_SYSCGROUP_INOTIFY
|
|
|
|
preadv EXILE_SYSCGROUP_STDIO
|
|
|
|
pwritev EXILE_SYSCGROUP_STDIO
|
|
|
|
rt_tgsigqueueinfo EXILE_SYSCGROUP_RT
|
|
|
|
perf_event_open EXILE_SYSCGROUP_PERF
|
|
|
|
recvmmsg EXILE_SYSCGROUP_SOCKET
|
|
|
|
fanotify_init EXILE_SYSCGROUP_FANOTIFY
|
|
|
|
fanotify_mark EXILE_SYSCGROUP_FANOTIFY
|
|
|
|
prlimit64 EXILE_SYSCGROUP_RES
|
|
|
|
name_to_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
|
|
open_by_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
|
|
clock_adjtime EXILE_SYSCGROUP_CLOCK
|
|
|
|
syncfs EXILE_SYSCGROUP_FD
|
|
|
|
sendmmsg EXILE_SYSCGROUP_SOCKET
|
|
|
|
setns EXILE_SYSCGROUP_NS
|
|
|
|
getcpu EXILE_SYSCGROUP_SCHED
|
# Maybe IPC for the following, but that feels wrong.
process_vm_readv EXILE_SYSCGROUP_NONE
|
|
|
|
process_vm_writev EXILE_SYSCGROUP_NONE
|
|
|
|
kcmp EXILE_SYSCGROUP_NONE
|
|
|
|
finit_module EXILE_SYSCGROUP_KMOD
|
|
|
|
sched_setattr EXILE_SYSCGROUP_SCHED
|
|
|
|
sched_getattr EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
renameat2 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
seccomp EXILE_SYSCGROUP_NONE
|
|
|
|
getrandom EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
memfd_create EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
kexec_file_load EXILE_SYSCGROUP_KEXEC
|
|
|
|
bpf EXILE_SYSCGROUP_NONE
|
|
|
|
execveat EXILE_SYSCGROUP_EXEC
|
|
|
|
userfaultfd EXILE_SYSCGROUP_NONE
|
|
|
|
membarrier EXILE_SYSCGROUP_NONE
|
|
|
|
mlock2 EXILE_SYSCGROUP_MEMORY
|
|
|
|
copy_file_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
|
|
preadv2 EXILE_SYSCGROUP_STDIO
|
|
|
|
pwritev2 EXILE_SYSCGROUP_STDIO
|
# These are newer than 5.10; wrap them in ifndef so that we can still compile on old systems.
pkey_mprotect EXILE_SYSCGROUP_PKEY genifndef(329)
|
|
|
|
pkey_alloc EXILE_SYSCGROUP_PKEY genifndef(330)
|
|
|
|
pkey_free EXILE_SYSCGROUP_PKEY genifndef(331)
|
|
|
|
statx EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(332)
|
|
|
|
io_pgetevents EXILE_SYSCGROUP_NONE genifndef(333)
|
|
|
|
rseq EXILE_SYSCGROUP_THREAD genifndef(334)
|
|
|
|
pidfd_send_signal EXILE_SYSCGROUP_PIDFD genifndef(424)
|
|
|
|
# NOTE(review): I/O submitted through an io_uring ring is carried out by the
# kernel without a separate system call per operation, so a per-syscall filter
# does not see those operations individually. A policy that allows
# EXILE_SYSCGROUP_IOURING should account for that -- TODO confirm how the
# group is used by callers.
io_uring_setup EXILE_SYSCGROUP_IOURING genifndef(425)
|
|
|
|
io_uring_enter EXILE_SYSCGROUP_IOURING genifndef(426)
|
|
|
|
io_uring_register EXILE_SYSCGROUP_IOURING genifndef(427)
|
|
|
|
open_tree EXILE_SYSCGROUP_NEWMOUNT genifndef(428)
|
|
|
|
move_mount EXILE_SYSCGROUP_NEWMOUNT genifndef(429)
|
|
|
|
fsopen EXILE_SYSCGROUP_NEWMOUNT genifndef(430)
|
|
|
|
fsconfig EXILE_SYSCGROUP_NEWMOUNT genifndef(431)
|
|
|
|
fsmount EXILE_SYSCGROUP_NEWMOUNT genifndef(432)
|
|
|
|
fspick EXILE_SYSCGROUP_NEWMOUNT genifndef(433)
|
|
|
|
pidfd_open EXILE_SYSCGROUP_PIDFD genifndef(434)
|
|
|
|
# NOTE(review): clone3 takes its flags inside a struct passed by pointer. If the
# policy is enforced with seccomp-BPF, the filter cannot dereference that pointer,
# so any future argument filtering applied to clone would not carry over to
# clone3 and it would need separate handling.
clone3 EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(435)
|
|
|
|
close_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(436)
|
|
|
|
openat2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(437)
|
|
|
|
pidfd_getfd EXILE_SYSCGROUP_PIDFD genifndef(438)
|
|
|
|
faccessat2 EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(439)
|
|
|
|
process_madvise EXILE_SYSCGROUP_MEMORY genifndef(440)
|
|
|
|
epoll_pwait2 EXILE_SYSCGROUP_STDIO genifndef(441)
|
|
|
|
mount_setattr EXILE_SYSCGROUP_NONE genifndef(442)
|
|
|
|
quotactl_fd EXILE_SYSCGROUP_QUOTA genifndef(443)
|
|
|
|
landlock_create_ruleset EXILE_SYSCGROUP_LANDLOCK genifndef(444)
|
|
|
|
landlock_add_rule EXILE_SYSCGROUP_LANDLOCK genifndef(445)
|
|
|
|
landlock_restrict_self EXILE_SYSCGROUP_LANDLOCK genifndef(446)
|
|
|
|
memfd_secret EXILE_SYSCGROUP_NONE genifndef(447)
|
|
|
|
process_mrelease EXILE_SYSCGROUP_NONE genifndef(448)
|