Albert S
1b4c5477a5
qssb.h was a preliminary name and can't be pronounced smoothly. exile.h is more fitting and it's also short. Something exiled is essentially something isolated, which is pretty much what this library does (isolation from resources such as file system, network and others accessible by system calls).
364 lines
18 KiB
Plaintext
364 lines
18 KiB
Plaintext
# Assign system calls to groups. In the future, may also include simple arg filtering.
|
|
read EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
write EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
open EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
close EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
stat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
lstat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
poll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
lseek EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
mmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
mprotect EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
munmap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
brk EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigaction EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigprocmask EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigreturn EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
ioctl EXILE_SYSCGROUP_IOCTL,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
pread64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
pwrite64 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
readv EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
writev EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
access EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
pipe EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
select EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
sched_yield EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
mremap EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
msync EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
mincore EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
madvise EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
shmget EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
shmat EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
shmctl EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
dup EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
dup2 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
pause EXILE_SYSCGROUP_PAUSE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
nanosleep EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
alarm EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setitimer EXILE_SYSCGROUP_TIMER,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getpid EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
sendfile EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
socket EXILE_SYSCGROUP_SOCKET
|
|
connect EXILE_SYSCGROUP_SOCKET
|
|
accept EXILE_SYSCGROUP_SOCKET
|
|
sendto EXILE_SYSCGROUP_SOCKET
|
|
recvfrom EXILE_SYSCGROUP_SOCKET
|
|
sendmsg EXILE_SYSCGROUP_SOCKET
|
|
recvmsg EXILE_SYSCGROUP_SOCKET
|
|
shutdown EXILE_SYSCGROUP_SOCKET
|
|
bind EXILE_SYSCGROUP_SOCKET
|
|
listen EXILE_SYSCGROUP_SOCKET
|
|
getsockname EXILE_SYSCGROUP_SOCKET
|
|
getpeername EXILE_SYSCGROUP_SOCKET
|
|
socketpair EXILE_SYSCGROUP_SOCKET,EXILE_SYSCGROUP_IPC
|
|
setsockopt EXILE_SYSCGROUP_SOCKET
|
|
getsockopt EXILE_SYSCGROUP_SOCKET
|
|
clone EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
fork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
vfork EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
execve EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_EXEC
|
|
exit EXILE_SYSCGROUP_PROCESS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
wait4 EXILE_SYSCGROUP_EXEC
|
|
kill EXILE_SYSCGROUP_KILL
|
|
uname EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
semget EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
semop EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
semctl EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
shmdt EXILE_SYSCGROUP_SHM,EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
msgget EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
msgsnd EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
msgrcv EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
msgctl EXILE_SYSCGROUP_IPC,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
fcntl EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
flock EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
fsync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
fdatasync EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
truncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
ftruncate EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
getdents EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
getcwd EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
chdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fchdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
rename EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
mkdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
rmdir EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
creat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
link EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
unlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
symlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
readlink EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
chmod EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fchmod EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
chown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
lchown EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
umask EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
gettimeofday EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getrlimit EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getrusage EXILE_SYSCGROUP_RES,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
sysinfo EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
times EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
ptrace EXILE_SYSCGROUP_PTRACE,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
syslog EXILE_SYSCGROUP_SYS
|
|
getgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setuid EXILE_SYSCGROUP_ID
|
|
setgid EXILE_SYSCGROUP_ID
|
|
geteuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getegid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setpgid EXILE_SYSCGROUP_ID
|
|
getppid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getpgrp EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setsid EXILE_SYSCGROUP_ID
|
|
setreuid EXILE_SYSCGROUP_ID
|
|
setregid EXILE_SYSCGROUP_ID
|
|
getgroups EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setgroups EXILE_SYSCGROUP_ID
|
|
setresuid EXILE_SYSCGROUP_ID
|
|
getresuid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setresgid EXILE_SYSCGROUP_ID
|
|
getresgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
getpgid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
setfsuid EXILE_SYSCGROUP_ID
|
|
setfsgid EXILE_SYSCGROUP_ID
|
|
getsid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
capget EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
capset EXILE_SYSCGROUP_ID
|
|
rt_sigpending EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigtimedwait EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigqueueinfo EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigsuspend EXILE_SYSCGROUP_RT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
sigaltstack EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
|
|
utime EXILE_SYSCGROUP_TIME,EXILE_SYSCGROUP_FS
|
|
mknod EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_FS
|
|
uselib EXILE_SYSCGROUP_LIB,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
personality EXILE_SYSCGROUP_PROCESS
|
|
ustat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
statfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
fstatfs EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_FS
|
|
sysfs EXILE_SYSCGROUP_SYS,EXILE_SYSCGROUP_FS
|
|
getpriority EXILE_SYSCGROUP_SCHED
|
|
setpriority EXILE_SYSCGROUP_SCHED
|
|
sched_setparam EXILE_SYSCGROUP_SCHED
|
|
sched_getparam EXILE_SYSCGROUP_SCHED
|
|
sched_setscheduler EXILE_SYSCGROUP_SCHED
|
|
sched_getscheduler EXILE_SYSCGROUP_SCHED
|
|
sched_get_priority_max EXILE_SYSCGROUP_SCHED
|
|
sched_get_priority_min EXILE_SYSCGROUP_SCHED
|
|
sched_rr_get_interval EXILE_SYSCGROUP_SCHED
|
|
mlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
munlock EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
mlockall EXILE_SYSCGROUP_MEMORY
|
|
munlockall EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
vhangup EXILE_SYSCGROUP_TTY
|
|
modify_ldt EXILE_SYSCGROUP_PROCESS
|
|
pivot_root EXILE_SYSCGROUP_CHROOT
|
|
_sysctl EXILE_SYSCGROUP_SYS
|
|
prctl EXILE_SYSCGROUP_PROCESS
|
|
arch_prctl EXILE_SYSCGROUP_PROCESS
|
|
adjtimex EXILE_SYSCGROUP_CLOCK
|
|
setrlimit EXILE_SYSCGROUP_RES
|
|
chroot EXILE_SYSCGROUP_CHROOT,EXILE_SYSCGROUP_FS
|
|
sync EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
acct EXILE_SYSCGROUP_PROCESS
|
|
settimeofday EXILE_SYSCGROUP_TIME
|
|
mount EXILE_SYSCGROUP_MOUNT,EXILE_SYSCGROUP_FS
|
|
umount2 EXILE_SYSCGROUP_UMOUNT,EXILE_SYSCGROUP_FS
|
|
swapon EXILE_SYSCGROUP_SWAP
|
|
swapoff EXILE_SYSCGROUP_SWAP
|
|
reboot EXILE_SYSCGROUP_POWER
|
|
sethostname EXILE_SYSCGROUP_HOST
|
|
setdomainname EXILE_SYSCGROUP_HOST
|
|
iopl EXILE_SYSCGROUP_IOPL
|
|
ioperm EXILE_SYSCGROUP_IOPL
|
|
create_module EXILE_SYSCGROUP_KMOD
|
|
init_module EXILE_SYSCGROUP_KMOD
|
|
delete_module EXILE_SYSCGROUP_KMOD
|
|
get_kernel_syms EXILE_SYSCGROUP_KMOD
|
|
query_module EXILE_SYSCGROUP_KMOD
|
|
quotactl EXILE_SYSCGROUP_QUOTA
|
|
nfsservctl EXILE_SYSCGROUP_NONE
|
|
getpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
putpmsg EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
afs_syscall EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
tuxcall EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
security EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
gettid EXILE_SYSCGROUP_ID,EXILE_SYSCGROUP_THREAD
|
|
readahead EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
setxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
lsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
fsetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
getxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
lgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fgetxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
listxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
llistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
flistxattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
removexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
lremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
fremovexattr EXILE_SYSCGROUP_XATTR,EXILE_SYSCGROUP_FS
|
|
tkill EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_SIGNAL
|
|
time EXILE_SYSCGROUP_TIME
|
|
futex EXILE_SYSCGROUP_THREAD,EXILE_SYSCGROUP_FUTEX
|
|
sched_setaffinity EXILE_SYSCGROUP_SCHED
|
|
sched_getaffinity EXILE_SYSCGROUP_SCHED
|
|
set_thread_area EXILE_SYSCGROUP_THREAD
|
|
io_setup EXILE_SYSCGROUP_IO
|
|
io_destroy EXILE_SYSCGROUP_IO
|
|
io_getevents EXILE_SYSCGROUP_IO
|
|
io_submit EXILE_SYSCGROUP_IO
|
|
io_cancel EXILE_SYSCGROUP_IO
|
|
get_thread_area EXILE_SYSCGROUP_THREAD
|
|
lookup_dcookie EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
|
|
epoll_create EXILE_SYSCGROUP_STDIO
|
|
epoll_ctl_old EXILE_SYSCGROUP_STDIO
|
|
epoll_wait_old EXILE_SYSCGROUP_STDIO
|
|
remap_file_pages EXILE_SYSCGROUP_NONE
|
|
getdents64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FS
|
|
set_tid_address EXILE_SYSCGROUP_THREAD
|
|
restart_syscall EXILE_SYSCGROUP_SYSCALL
|
|
semtimedop EXILE_SYSCGROUP_SEM
|
|
fadvise64 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
|
|
timer_create EXILE_SYSCGROUP_TIMER
|
|
timer_settime EXILE_SYSCGROUP_TIMER
|
|
timer_gettime EXILE_SYSCGROUP_TIMER
|
|
timer_getoverrun EXILE_SYSCGROUP_TIMER
|
|
timer_delete EXILE_SYSCGROUP_TIMER
|
|
clock_settime EXILE_SYSCGROUP_TIME
|
|
clock_gettime EXILE_SYSCGROUP_TIME
|
|
clock_getres EXILE_SYSCGROUP_TIME
|
|
clock_nanosleep EXILE_SYSCGROUP_TIME
|
|
exit_group EXILE_SYSCGROUP_EXIT,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
epoll_wait EXILE_SYSCGROUP_FD
|
|
epoll_ctl EXILE_SYSCGROUP_FD
|
|
tgkill EXILE_SYSCGROUP_SIGNAL,EXILE_SYSCGROUP_THREAD
|
|
utimes EXILE_SYSCGROUP_PATH
|
|
vserver EXILE_SYSCGROUP_UNIMPLEMENTED
|
|
mbind EXILE_SYSCGROUP_MEMORY
|
|
set_mempolicy EXILE_SYSCGROUP_MEMORY
|
|
get_mempolicy EXILE_SYSCGROUP_MEMORY
|
|
mq_open EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
mq_unlink EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
mq_timedsend EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
mq_timedreceive EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
mq_notify EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
mq_getsetattr EXILE_SYSCGROUP_MQ,EXILE_SYSCGROUP_IPC
|
|
kexec_load EXILE_SYSCGROUP_KEXEC
|
|
waitid EXILE_SYSCGROUP_SIGNAL
|
|
add_key EXILE_SYSCGROUP_KEYS
|
|
request_key EXILE_SYSCGROUP_KEYS
|
|
keyctl EXILE_SYSCGROUP_KEYS
|
|
ioprio_set EXILE_SYSCGROUP_PRIO
|
|
ioprio_get EXILE_SYSCGROUP_PRIO
|
|
inotify_init EXILE_SYSCGROUP_INOTIFY
|
|
inotify_add_watch EXILE_SYSCGROUP_INOTIFY
|
|
inotify_rm_watch EXILE_SYSCGROUP_INOTIFY
|
|
migrate_pages EXILE_SYSCGROUP_PROCESS
|
|
openat EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
mkdirat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
mknodat EXILE_SYSCGROUP_DEV,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fchownat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
futimesat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
newfstatat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
unlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
renameat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
linkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
symlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
readlinkat EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
fchmodat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
faccessat EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
pselect6 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
ppoll EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW,EXILE_SYSCGROUP_FS
|
|
unshare EXILE_SYSCGROUP_NS,EXILE_SYSCGROUP_FS
|
|
set_robust_list EXILE_SYSCGROUP_FUTEX
|
|
get_robust_list EXILE_SYSCGROUP_FUTEX
|
|
splice EXILE_SYSCGROUP_FD
|
|
tee EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
sync_file_range EXILE_SYSCGROUP_FD
|
|
vmsplice EXILE_SYSCGROUP_FD
|
|
move_pages EXILE_SYSCGROUP_PROCESS
|
|
utimensat EXILE_SYSCGROUP_PATH
|
|
epoll_pwait EXILE_SYSCGROUP_STDIO
|
|
signalfd EXILE_SYSCGROUP_SIGNAL
|
|
timerfd_create EXILE_SYSCGROUP_TIMER
|
|
eventfd EXILE_SYSCGROUP_FD
|
|
fallocate EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_FD
|
|
timerfd_settime EXILE_SYSCGROUP_TIMER
|
|
timerfd_gettime EXILE_SYSCGROUP_TIMER
|
|
accept4 EXILE_SYSCGROUP_SOCKET
|
|
signalfd4 EXILE_SYSCGROUP_FD
|
|
eventfd2 EXILE_SYSCGROUP_FD
|
|
epoll_create1 EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
dup3 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
pipe2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
inotify_init1 EXILE_SYSCGROUP_INOTIFY
|
|
preadv EXILE_SYSCGROUP_STDIO
|
|
pwritev EXILE_SYSCGROUP_STDIO
|
|
rt_tgsigqueueinfo EXILE_SYSCGROUP_RT
|
|
perf_event_open EXILE_SYSCGROUP_PERF
|
|
recvmmsg EXILE_SYSCGROUP_SOCKET
|
|
fanotify_init EXILE_SYSCGROUP_FANOTIFY
|
|
fanotify_mark EXILE_SYSCGROUP_FANOTIFY
|
|
prlimit64 EXILE_SYSCGROUP_RES
|
|
name_to_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
open_by_handle_at EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_FS
|
|
clock_adjtime EXILE_SYSCGROUP_CLOCK
|
|
syncfs EXILE_SYSCGROUP_FD
|
|
sendmmsg EXILE_SYSCGROUP_SOCKET
|
|
setns EXILE_SYSCGROUP_NS
|
|
getcpu EXILE_SYSCGROUP_SCHED
|
|
#maybe IPC, but feels wrong
|
|
process_vm_readv EXILE_SYSCGROUP_NONE
|
|
process_vm_writev EXILE_SYSCGROUP_NONE
|
|
kcmp EXILE_SYSCGROUP_NONE
|
|
finit_module EXILE_SYSCGROUP_KMOD
|
|
sched_setattr EXILE_SYSCGROUP_SCHED
|
|
sched_getattr EXILE_SYSCGROUP_SCHED,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
renameat2 EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
seccomp EXILE_SYSCGROUP_NONE
|
|
getrandom EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
memfd_create EXILE_SYSCGROUP_MEMORY,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
kexec_file_load EXILE_SYSCGROUP_KEXEC
|
|
bpf EXILE_SYSCGROUP_NONE
|
|
execveat EXILE_SYSCGROUP_EXEC
|
|
userfaultfd EXILE_SYSCGROUP_NONE
|
|
membarrier EXILE_SYSCGROUP_NONE
|
|
mlock2 EXILE_SYSCGROUP_MEMORY
|
|
copy_file_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_DEFAULT_ALLOW
|
|
preadv2 EXILE_SYSCGROUP_STDIO
|
|
pwritev2 EXILE_SYSCGROUP_STDIO
|
|
#Those are newer than 5.10, wrap them in ifndef so we can compile on old systems
|
|
pkey_mprotect EXILE_SYSCGROUP_PKEY genifndef(329)
|
|
pkey_alloc EXILE_SYSCGROUP_PKEY genifndef(330)
|
|
pkey_free EXILE_SYSCGROUP_PKEY genifndef(331)
|
|
statx EXILE_SYSCGROUP_STAT,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(332)
|
|
io_pgetevents EXILE_SYSCGROUP_NONE genifndef(333)
|
|
rseq EXILE_SYSCGROUP_THREAD genifndef(334)
|
|
pidfd_send_signal EXILE_SYSCGROUP_PIDFD genifndef(424)
|
|
io_uring_setup EXILE_SYSCGROUP_IOURING genifndef(425)
|
|
io_uring_enter EXILE_SYSCGROUP_IOURING genifndef(426)
|
|
io_uring_register EXILE_SYSCGROUP_IOURING genifndef(427)
|
|
open_tree EXILE_SYSCGROUP_NEWMOUNT genifndef(428)
|
|
move_mount EXILE_SYSCGROUP_NEWMOUNT genifndef(429)
|
|
fsopen EXILE_SYSCGROUP_NEWMOUNT genifndef(430)
|
|
fsconfig EXILE_SYSCGROUP_NEWMOUNT genifndef(431)
|
|
fsmount EXILE_SYSCGROUP_NEWMOUNT genifndef(432)
|
|
fspick EXILE_SYSCGROUP_NEWMOUNT genifndef(433)
|
|
pidfd_open EXILE_SYSCGROUP_PIDFD genifndef(434)
|
|
clone3 EXILE_SYSCGROUP_CLONE,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(435)
|
|
close_range EXILE_SYSCGROUP_STDIO,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(436)
|
|
openat2 EXILE_SYSCGROUP_FD,EXILE_SYSCGROUP_PATH,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(437)
|
|
pidfd_getfd EXILE_SYSCGROUP_PIDFD genifndef(438)
|
|
faccessat2 EXILE_SYSCGROUP_PERMS,EXILE_SYSCGROUP_DEFAULT_ALLOW genifndef(439)
|
|
process_madvise EXILE_SYSCGROUP_MEMORY genifndef(440)
|
|
epoll_pwait2 EXILE_SYSCGROUP_STDIO genifndef(441)
|
|
mount_setattr EXILE_SYSCGROUP_NONE genifndef(442)
|
|
quotactl_fd EXILE_SYSCGROUP_QUOTA genifndef(443)
|
|
landlock_create_ruleset EXILE_SYSCGROUP_LANDLOCK genifndef(444)
|
|
landlock_add_rule EXILE_SYSCGROUP_LANDLOCK genifndef(445)
|
|
landlock_restrict_self EXILE_SYSCGROUP_LANDLOCK genifndef(446)
|
|
memfd_secret EXILE_SYSCGROUP_NONE genifndef(447)
|
|
process_mrelease EXILE_SYSCGROUP_NONE genifndef(448)
|