Albert S
db17e58deb
Classify syscalls into groups, for x86_64 only for now. Up to date for 5.15, generate some #ifndef for syscalls introduced since 5.10. Only support x86_64 therefore at this point. Switch from blacklisting to a default whitelist.
364 lines
17 KiB
Plaintext
364 lines
17 KiB
Plaintext
# Assign system calls to groups. In the future, may also include simple arg filtering.
|
|
read QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
write QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
open QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
close QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
stat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
lstat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
poll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
lseek QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
mmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
mprotect QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
munmap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
brk QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigaction QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigprocmask QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigreturn QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
ioctl QSSB_SYSCGROUP_IOCTL,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
pread64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
pwrite64 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
readv QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
writev QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
access QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
pipe QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
select QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
sched_yield QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
mremap QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
msync QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
mincore QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
madvise QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
shmget QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
shmat QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
shmctl QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
dup QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
dup2 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
pause QSSB_SYSCGROUP_PAUSE,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
nanosleep QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
alarm QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setitimer QSSB_SYSCGROUP_TIMER,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getpid QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
sendfile QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
socket QSSB_SYSCGROUP_SOCKET
|
|
connect QSSB_SYSCGROUP_SOCKET
|
|
accept QSSB_SYSCGROUP_SOCKET
|
|
sendto QSSB_SYSCGROUP_SOCKET
|
|
recvfrom QSSB_SYSCGROUP_SOCKET
|
|
sendmsg QSSB_SYSCGROUP_SOCKET
|
|
recvmsg QSSB_SYSCGROUP_SOCKET
|
|
shutdown QSSB_SYSCGROUP_SOCKET
|
|
bind QSSB_SYSCGROUP_SOCKET
|
|
listen QSSB_SYSCGROUP_SOCKET
|
|
getsockname QSSB_SYSCGROUP_SOCKET
|
|
getpeername QSSB_SYSCGROUP_SOCKET
|
|
socketpair QSSB_SYSCGROUP_SOCKET,QSSB_SYSCGROUP_IPC
|
|
setsockopt QSSB_SYSCGROUP_SOCKET
|
|
getsockopt QSSB_SYSCGROUP_SOCKET
|
|
clone QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
fork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
vfork QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
execve QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_EXEC
|
|
exit QSSB_SYSCGROUP_PROCESS,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
wait4 QSSB_SYSCGROUP_EXEC
|
|
kill QSSB_SYSCGROUP_KILL
|
|
uname QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
semget QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
semop QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
semctl QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
shmdt QSSB_SYSCGROUP_SHM,QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
msgget QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
msgsnd QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
msgrcv QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
msgctl QSSB_SYSCGROUP_IPC,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
fcntl QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
flock QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
fsync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
fdatasync QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
truncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
ftruncate QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
getdents QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
getcwd QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
chdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fchdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
rename QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
mkdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
rmdir QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
creat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
link QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
unlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
symlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
readlink QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
chmod QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fchmod QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
chown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
lchown QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
umask QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
gettimeofday QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getrlimit QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getrusage QSSB_SYSCGROUP_RES,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
sysinfo QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
times QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
ptrace QSSB_SYSCGROUP_PTRACE,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
syslog QSSB_SYSCGROUP_SYS
|
|
getgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setuid QSSB_SYSCGROUP_ID
|
|
setgid QSSB_SYSCGROUP_ID
|
|
geteuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getegid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setpgid QSSB_SYSCGROUP_ID
|
|
getppid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getpgrp QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setsid QSSB_SYSCGROUP_ID
|
|
setreuid QSSB_SYSCGROUP_ID
|
|
setregid QSSB_SYSCGROUP_ID
|
|
getgroups QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setgroups QSSB_SYSCGROUP_ID
|
|
setresuid QSSB_SYSCGROUP_ID
|
|
getresuid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setresgid QSSB_SYSCGROUP_ID
|
|
getresgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
getpgid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
setfsuid QSSB_SYSCGROUP_ID
|
|
setfsgid QSSB_SYSCGROUP_ID
|
|
getsid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
capget QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
capset QSSB_SYSCGROUP_ID
|
|
rt_sigpending QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigtimedwait QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigqueueinfo QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
rt_sigsuspend QSSB_SYSCGROUP_RT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
sigaltstack QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL
|
|
utime QSSB_SYSCGROUP_TIME,QSSB_SYSCGROUP_FS
|
|
mknod QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_FS
|
|
uselib QSSB_SYSCGROUP_LIB,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
personality QSSB_SYSCGROUP_PROCESS
|
|
ustat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
|
|
statfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
|
|
fstatfs QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_FS
|
|
sysfs QSSB_SYSCGROUP_SYS,QSSB_SYSCGROUP_FS
|
|
getpriority QSSB_SYSCGROUP_SCHED
|
|
setpriority QSSB_SYSCGROUP_SCHED
|
|
sched_setparam QSSB_SYSCGROUP_SCHED
|
|
sched_getparam QSSB_SYSCGROUP_SCHED
|
|
sched_setscheduler QSSB_SYSCGROUP_SCHED
|
|
sched_getscheduler QSSB_SYSCGROUP_SCHED
|
|
sched_get_priority_max QSSB_SYSCGROUP_SCHED
|
|
sched_get_priority_min QSSB_SYSCGROUP_SCHED
|
|
sched_rr_get_interval QSSB_SYSCGROUP_SCHED
|
|
mlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
munlock QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
mlockall QSSB_SYSCGROUP_MEMORY
|
|
munlockall QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
vhangup QSSB_SYSCGROUP_TTY
|
|
modify_ldt QSSB_SYSCGROUP_PROCESS
|
|
pivot_root QSSB_SYSCGROUP_CHROOT
|
|
_sysctl QSSB_SYSCGROUP_SYS
|
|
prctl QSSB_SYSCGROUP_PROCESS
|
|
arch_prctl QSSB_SYSCGROUP_PROCESS
|
|
adjtimex QSSB_SYSCGROUP_CLOCK
|
|
setrlimit QSSB_SYSCGROUP_RES
|
|
chroot QSSB_SYSCGROUP_CHROOT,QSSB_SYSCGROUP_FS
|
|
sync QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
acct QSSB_SYSCGROUP_PROCESS
|
|
settimeofday QSSB_SYSCGROUP_TIME
|
|
mount QSSB_SYSCGROUP_MOUNT,QSSB_SYSCGROUP_FS
|
|
umount2 QSSB_SYSCGROUP_UMOUNT,QSSB_SYSCGROUP_FS
|
|
swapon QSSB_SYSCGROUP_SWAP
|
|
swapoff QSSB_SYSCGROUP_SWAP
|
|
reboot QSSB_SYSCGROUP_POWER
|
|
sethostname QSSB_SYSCGROUP_HOST
|
|
setdomainname QSSB_SYSCGROUP_HOST
|
|
iopl QSSB_SYSCGROUP_IOPL
|
|
ioperm QSSB_SYSCGROUP_IOPL
|
|
create_module QSSB_SYSCGROUP_KMOD
|
|
init_module QSSB_SYSCGROUP_KMOD
|
|
delete_module QSSB_SYSCGROUP_KMOD
|
|
get_kernel_syms QSSB_SYSCGROUP_KMOD
|
|
query_module QSSB_SYSCGROUP_KMOD
|
|
quotactl QSSB_SYSCGROUP_QUOTA
|
|
nfsservctl QSSB_SYSCGROUP_NONE
|
|
getpmsg QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
putpmsg QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
afs_syscall QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
tuxcall QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
security QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
gettid QSSB_SYSCGROUP_ID,QSSB_SYSCGROUP_THREAD
|
|
readahead QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
|
|
setxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
lsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
fsetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
getxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
lgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fgetxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
listxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
llistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
flistxattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
removexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
lremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
fremovexattr QSSB_SYSCGROUP_XATTR,QSSB_SYSCGROUP_FS
|
|
tkill QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_SIGNAL
|
|
time QSSB_SYSCGROUP_TIME
|
|
futex QSSB_SYSCGROUP_THREAD,QSSB_SYSCGROUP_FUTEX
|
|
sched_setaffinity QSSB_SYSCGROUP_SCHED
|
|
sched_getaffinity QSSB_SYSCGROUP_SCHED
|
|
set_thread_area QSSB_SYSCGROUP_THREAD
|
|
io_setup QSSB_SYSCGROUP_IO
|
|
io_destroy QSSB_SYSCGROUP_IO
|
|
io_getevents QSSB_SYSCGROUP_IO
|
|
io_submit QSSB_SYSCGROUP_IO
|
|
io_cancel QSSB_SYSCGROUP_IO
|
|
get_thread_area QSSB_SYSCGROUP_THREAD
|
|
lookup_dcookie QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS
|
|
epoll_create QSSB_SYSCGROUP_STDIO
|
|
epoll_ctl_old QSSB_SYSCGROUP_STDIO
|
|
epoll_wait_old QSSB_SYSCGROUP_STDIO
|
|
remap_file_pages QSSB_SYSCGROUP_NONE
|
|
getdents64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FS
|
|
set_tid_address QSSB_SYSCGROUP_THREAD
|
|
restart_syscall QSSB_SYSCGROUP_SYSCALL
|
|
semtimedop QSSB_SYSCGROUP_SEM
|
|
fadvise64 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD
|
|
timer_create QSSB_SYSCGROUP_TIMER
|
|
timer_settime QSSB_SYSCGROUP_TIMER
|
|
timer_gettime QSSB_SYSCGROUP_TIMER
|
|
timer_getoverrun QSSB_SYSCGROUP_TIMER
|
|
timer_delete QSSB_SYSCGROUP_TIMER
|
|
clock_settime QSSB_SYSCGROUP_TIME
|
|
clock_gettime QSSB_SYSCGROUP_TIME
|
|
clock_getres QSSB_SYSCGROUP_TIME
|
|
clock_nanosleep QSSB_SYSCGROUP_TIME
|
|
exit_group QSSB_SYSCGROUP_EXIT,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
epoll_wait QSSB_SYSCGROUP_FD
|
|
epoll_ctl QSSB_SYSCGROUP_FD
|
|
tgkill QSSB_SYSCGROUP_SIGNAL,QSSB_SYSCGROUP_THREAD
|
|
utimes QSSB_SYSCGROUP_PATH
|
|
vserver QSSB_SYSCGROUP_UNIMPLEMENTED
|
|
mbind QSSB_SYSCGROUP_MEMORY
|
|
set_mempolicy QSSB_SYSCGROUP_MEMORY
|
|
get_mempolicy QSSB_SYSCGROUP_MEMORY
|
|
mq_open QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
mq_unlink QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
mq_timedsend QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
mq_timedreceive QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
mq_notify QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
mq_getsetattr QSSB_SYSCGROUP_MQ,QSSB_SYSCGROUP_IPC
|
|
kexec_load QSSB_SYSCGROUP_KEXEC
|
|
waitid QSSB_SYSCGROUP_SIGNAL
|
|
add_key QSSB_SYSCGROUP_KEYS
|
|
request_key QSSB_SYSCGROUP_KEYS
|
|
keyctl QSSB_SYSCGROUP_KEYS
|
|
ioprio_set QSSB_SYSCGROUP_PRIO
|
|
ioprio_get QSSB_SYSCGROUP_PRIO
|
|
inotify_init QSSB_SYSCGROUP_INOTIFY
|
|
inotify_add_watch QSSB_SYSCGROUP_INOTIFY
|
|
inotify_rm_watch QSSB_SYSCGROUP_INOTIFY
|
|
migrate_pages QSSB_SYSCGROUP_PROCESS
|
|
openat QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
mkdirat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
mknodat QSSB_SYSCGROUP_DEV,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fchownat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
futimesat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
newfstatat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
unlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
renameat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
linkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
symlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
readlinkat QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
fchmodat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
faccessat QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
pselect6 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
ppoll QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW,QSSB_SYSCGROUP_FS
|
|
unshare QSSB_SYSCGROUP_NS,QSSB_SYSCGROUP_FS
|
|
set_robust_list QSSB_SYSCGROUP_FUTEX
|
|
get_robust_list QSSB_SYSCGROUP_FUTEX
|
|
splice QSSB_SYSCGROUP_FD
|
|
tee QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
sync_file_range QSSB_SYSCGROUP_FD
|
|
vmsplice QSSB_SYSCGROUP_FD
|
|
move_pages QSSB_SYSCGROUP_PROCESS
|
|
utimensat QSSB_SYSCGROUP_PATH
|
|
epoll_pwait QSSB_SYSCGROUP_STDIO
|
|
signalfd QSSB_SYSCGROUP_SIGNAL
|
|
timerfd_create QSSB_SYSCGROUP_TIMER
|
|
eventfd QSSB_SYSCGROUP_FD
|
|
fallocate QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_FD
|
|
timerfd_settime QSSB_SYSCGROUP_TIMER
|
|
timerfd_gettime QSSB_SYSCGROUP_TIMER
|
|
accept4 QSSB_SYSCGROUP_SOCKET
|
|
signalfd4 QSSB_SYSCGROUP_FD
|
|
eventfd2 QSSB_SYSCGROUP_FD
|
|
epoll_create1 QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
dup3 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
pipe2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
inotify_init1 QSSB_SYSCGROUP_INOTIFY
|
|
preadv QSSB_SYSCGROUP_STDIO
|
|
pwritev QSSB_SYSCGROUP_STDIO
|
|
rt_tgsigqueueinfo QSSB_SYSCGROUP_RT
|
|
perf_event_open QSSB_SYSCGROUP_PERF
|
|
recvmmsg QSSB_SYSCGROUP_SOCKET
|
|
fanotify_init QSSB_SYSCGROUP_FANOTIFY
|
|
fanotify_mark QSSB_SYSCGROUP_FANOTIFY
|
|
prlimit64 QSSB_SYSCGROUP_RES
|
|
name_to_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
|
|
open_by_handle_at QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_FS
|
|
clock_adjtime QSSB_SYSCGROUP_CLOCK
|
|
syncfs QSSB_SYSCGROUP_FD
|
|
sendmmsg QSSB_SYSCGROUP_SOCKET
|
|
setns QSSB_SYSCGROUP_NS
|
|
getcpu QSSB_SYSCGROUP_SCHED
|
|
#maybe IPC, but feels wrong
|
|
process_vm_readv QSSB_SYSCGROUP_NONE
|
|
process_vm_writev QSSB_SYSCGROUP_NONE
|
|
kcmp QSSB_SYSCGROUP_NONE
|
|
finit_module QSSB_SYSCGROUP_KMOD
|
|
sched_setattr QSSB_SYSCGROUP_SCHED
|
|
sched_getattr QSSB_SYSCGROUP_SCHED,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
renameat2 QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
seccomp QSSB_SYSCGROUP_NONE
|
|
getrandom QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
memfd_create QSSB_SYSCGROUP_MEMORY,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
kexec_file_load QSSB_SYSCGROUP_KEXEC
|
|
bpf QSSB_SYSCGROUP_NONE
|
|
execveat QSSB_SYSCGROUP_EXEC
|
|
userfaultfd QSSB_SYSCGROUP_NONE
|
|
membarrier QSSB_SYSCGROUP_NONE
|
|
mlock2 QSSB_SYSCGROUP_MEMORY
|
|
copy_file_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_DEFAULT_ALLOW
|
|
preadv2 QSSB_SYSCGROUP_STDIO
|
|
pwritev2 QSSB_SYSCGROUP_STDIO
|
|
#Those are newer than 5.10, wrap them in ifndef so we can compile on old systems
|
|
pkey_mprotect QSSB_SYSCGROUP_PKEY genifndef(329)
|
|
pkey_alloc QSSB_SYSCGROUP_PKEY genifndef(330)
|
|
pkey_free QSSB_SYSCGROUP_PKEY genifndef(331)
|
|
statx QSSB_SYSCGROUP_STAT,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(332)
|
|
io_pgetevents QSSB_SYSCGROUP_NONE genifndef(333)
|
|
rseq QSSB_SYSCGROUP_THREAD genifndef(334)
|
|
pidfd_send_signal QSSB_SYSCGROUP_PIDFD genifndef(424)
|
|
io_uring_setup QSSB_SYSCGROUP_IOURING genifndef(425)
|
|
io_uring_enter QSSB_SYSCGROUP_IOURING genifndef(426)
|
|
io_uring_register QSSB_SYSCGROUP_IOURING genifndef(427)
|
|
open_tree QSSB_SYSCGROUP_NEWMOUNT genifndef(428)
|
|
move_mount QSSB_SYSCGROUP_NEWMOUNT genifndef(429)
|
|
fsopen QSSB_SYSCGROUP_NEWMOUNT genifndef(430)
|
|
fsconfig QSSB_SYSCGROUP_NEWMOUNT genifndef(431)
|
|
fsmount QSSB_SYSCGROUP_NEWMOUNT genifndef(432)
|
|
fspick QSSB_SYSCGROUP_NEWMOUNT genifndef(433)
|
|
pidfd_open QSSB_SYSCGROUP_PIDFD genifndef(434)
|
|
clone3 QSSB_SYSCGROUP_CLONE,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(435)
|
|
close_range QSSB_SYSCGROUP_STDIO,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(436)
|
|
openat2 QSSB_SYSCGROUP_FD,QSSB_SYSCGROUP_PATH,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(437)
|
|
pidfd_getfd QSSB_SYSCGROUP_PIDFD genifndef(438)
|
|
faccessat2 QSSB_SYSCGROUP_PERMS,QSSB_SYSCGROUP_DEFAULT_ALLOW genifndef(439)
|
|
process_madvise QSSB_SYSCGROUP_MEMORY genifndef(440)
|
|
epoll_pwait2 QSSB_SYSCGROUP_STDIO genifndef(441)
|
|
mount_setattr QSSB_SYSCGROUP_NONE genifndef(442)
|
|
quotactl_fd QSSB_SYSCGROUP_QUOTA genifndef(443)
|
|
landlock_create_ruleset QSSB_SYSCGROUP_LANDLOCK genifndef(444)
|
|
landlock_add_rule QSSB_SYSCGROUP_LANDLOCK genifndef(445)
|
|
landlock_restrict_self QSSB_SYSCGROUP_LANDLOCK genifndef(446)
|
|
memfd_secret QSSB_SYSCGROUP_NONE genifndef(447)
|
|
process_mrelease QSSB_SYSCGROUP_NONE genifndef(448)
|