diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go index 38d477beb7..ba14693abf 100644 --- a/daemon/execdriver/native/create.go +++ b/daemon/execdriver/native/create.go @@ -72,7 +72,10 @@ func (d *Driver) createContainer(c *execdriver.Command, hooks execdriver.Hooks) } if c.SeccompProfile == "" { - container.Seccomp = seccomp.GetDefaultProfile() + container.Seccomp, err = seccomp.GetDefaultProfile() + if err != nil { + return nil, err + } } } // add CAP_ prefix to all caps for new libcontainer update to match diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json index 532a523872..da58684fa5 100755 --- a/profiles/seccomp/default.json +++ b/profiles/seccomp/default.json 
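Review bot: The new error path in `createContainer` returns the error from `seccomp.GetDefaultProfile()` unwrapped, so a failure to build the default profile reaches the caller with no hint that it came from seccomp setup. Aborting the create here is the right behaviour, since carrying on would leave `container.Seccomp` unset for a container that asked for the default filter. I would keep the abort and add context, e.g. `return nil, fmt.Errorf("loading default seccomp profile: %v", err)`, assuming `fmt` is imported in this file (not visible in the hunk). The hunk also relies on `err` being declared earlier in the function, which starts outside the hunk.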
@@ -1,1566 +1,1566 @@ { - "default_action": 2, + "defaultAction": "SCMP_ACT_ERRNO", "architectures": [ - "amd64", - "x86", - "x32" + "SCMP_ARCH_X86_64", + "SCMP_ARCH_X86", + "SCMP_ARCH_X32" ], "syscalls": [ { "name": "accept", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "accept4", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "access", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "alarm", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "arch_prctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "bind", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "brk", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "capget", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "capset", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "chdir", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "chmod", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "chown", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "chown32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "chroot", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "clock_getres", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "clock_gettime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "clock_nanosleep", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "clone", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [ { "index": 0, "value": 2080505856, - "value_two": 0, - "op": 7 + "valueTwo": 0, + "op": "SCMP_CMP_MASKED_EQ" } ] }, { "name": "close", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "connect", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "creat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { 
"name": "dup", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "dup2", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "dup3", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_create", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_create1", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_ctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_ctl_old", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_pwait", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_wait", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "epoll_wait_old", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "eventfd", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "eventfd2", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "execve", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "execveat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "exit", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "exit_group", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "faccessat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fadvise64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fadvise64_64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fallocate", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fanotify_init", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fanotify_mark", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchdir", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchmod", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchmodat", - "action": 4, 
+ "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchown", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchown32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fchownat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fcntl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fcntl64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fdatasync", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fgetxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "flistxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "flock", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fork", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fremovexattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fsetxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fstat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fstat64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fstatat64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fstatfs", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fstatfs64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "fsync", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ftruncate", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ftruncate64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "futex", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "futimesat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getcpu", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getcwd", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getdents", - 
"action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getdents64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getegid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getegid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "geteuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "geteuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getgid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getgroups", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getgroups32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getitimer", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getpeername", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getpgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getpgrp", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getpid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getppid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getpriority", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getrandom", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getresgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getresgid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getresuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getresuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getrlimit", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "get_robust_list", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getrusage", - "action": 4, + "action": 
"SCMP_ACT_ALLOW", "args": [] }, { "name": "getsid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getsockname", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getsockopt", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "get_thread_area", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "gettid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "gettimeofday", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "getxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "inotify_add_watch", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "inotify_init", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "inotify_init1", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "inotify_rm_watch", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "io_cancel", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ioctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "io_destroy", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "io_getevents", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ioprio_get", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ioprio_set", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "io_setup", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "io_submit", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "kill", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lchown", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lchown32", - "action": 4, + "action": 
"SCMP_ACT_ALLOW", "args": [] }, { "name": "lgetxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "link", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "linkat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "listen", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "listxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "llistxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "_llseek", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lremovexattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lseek", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lsetxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lstat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "lstat64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "madvise", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "memfd_create", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mincore", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mkdir", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mkdirat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mknod", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mknodat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mlock", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mlockall", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mmap", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mmap2", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mprotect", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_getsetattr", - "action": 4, + 
"action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_notify", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_open", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_timedreceive", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_timedsend", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mq_unlink", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "mremap", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "msgctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "msgget", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "msgrcv", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "msgsnd", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "msync", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "munlock", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "munlockall", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "munmap", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "nanosleep", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "newfstatat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "_newselect", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "open", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "openat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pause", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pipe", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pipe2", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "poll", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ppoll", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "prctl", - "action": 4, 
+ "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pread64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "preadv", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "prlimit64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pselect6", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pwrite64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "pwritev", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "read", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "readahead", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "readlink", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "readlinkat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "readv", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "recv", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "recvfrom", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "recvmmsg", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "recvmsg", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "remap_file_pages", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "removexattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rename", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "renameat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "renameat2", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rmdir", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigaction", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigpending", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigprocmask", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { 
"name": "rt_sigqueueinfo", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigreturn", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigsuspend", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_sigtimedwait", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "rt_tgsigqueueinfo", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_getaffinity", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_getattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_getparam", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_get_priority_max", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_get_priority_min", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_getscheduler", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_rr_get_interval", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_setaffinity", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_setattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_setparam", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_setscheduler", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sched_yield", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "seccomp", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "select", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "semctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "semget", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "semop", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "semtimedop", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": 
"send", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sendfile", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sendfile64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sendmmsg", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sendmsg", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sendto", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setdomainname", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setfsgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setfsgid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setfsuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setfsuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setgid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setgroups", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setgroups32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sethostname", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setitimer", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setpgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setpriority", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setregid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setregid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setresgid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setresgid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setresuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setresuid32", - "action": 4, + 
"action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setreuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setreuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setrlimit", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "set_robust_list", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setsid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setsockopt", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "set_thread_area", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "set_tid_address", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setuid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setuid32", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "setxattr", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "shmat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "shmctl", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "shmdt", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "shmget", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "shutdown", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sigaltstack", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "signalfd", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "signalfd4", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sigreturn", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "socket", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "socketpair", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "splice", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "stat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { 
"name": "stat64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "statfs", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "statfs64", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "symlink", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "symlinkat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sync", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sync_file_range", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "syncfs", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "sysinfo", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "syslog", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "tee", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "tgkill", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "time", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timer_create", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timer_delete", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timerfd_create", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timerfd_gettime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timerfd_settime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timer_getoverrun", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timer_gettime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "timer_settime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "times", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "tkill", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "truncate", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "truncate64", - 
"action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "ugetrlimit", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "umask", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "uname", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "unlink", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "unlinkat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "utime", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "utimensat", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "utimes", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "vfork", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "vhangup", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "vmsplice", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "wait4", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "waitid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "waitpid", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "write", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "writev", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "modify_ldt", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "breakpoint", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "cacheflush", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] }, { "name": "set_tls", - "action": 4, + "action": "SCMP_ACT_ALLOW", "args": [] } ] diff --git a/profiles/seccomp/generate.go b/profiles/seccomp/generate.go index 8654ec028a..bf56594765 100644 --- a/profiles/seccomp/generate.go +++ b/profiles/seccomp/generate.go 
@@ -20,11 +20,8 @@ func main() { } f := filepath.Join(wd, "default.json") - // get the default profile - p := seccomp.GetDefaultProfile() - // write the default profile to the file - b, err := json.MarshalIndent(p, "", "\t") + b, err := json.MarshalIndent(seccomp.DefaultProfile, "", "\t") if err != nil { panic(err) } diff --git a/profiles/seccomp/seccomp.go b/profiles/seccomp/seccomp.go index 611b80b246..8657860965 100644 --- a/profiles/seccomp/seccomp.go +++ b/profiles/seccomp/seccomp.go @@ -14,8 +14,8 @@ import ( //go:generate go run -tags 'seccomp' generate.go // GetDefaultProfile returns the default seccomp profile. -func GetDefaultProfile() *configs.Seccomp { - return defaultProfile +func GetDefaultProfile() (*configs.Seccomp, error) { + return setupSeccomp(DefaultProfile) } // LoadProfile takes a file path a decodes the seccomp profile. diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go index 49bd259df4..ff7005f5d1 100644 --- a/profiles/seccomp/seccomp_default.go +++ b/profiles/seccomp/seccomp_default.go 
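Review bot: In the seccomp.go hunk, `GetDefaultProfile` now reads the exported package variable `DefaultProfile` and runs `setupSeccomp` over it on every call. The default allowlist is therefore a mutable global that any importing package can change, and each later call will pick up the change. The doc comment still says only that it "returns the default seccomp profile". I would extend it to `// GetDefaultProfile converts DefaultProfile to the libcontainer form and returns an error if the conversion fails.` and add a comment on `DefaultProfile` saying it must be treated as read-only. If the export exists only so generate.go can marshal it, which looks likely from this commit, an accessor that does not hand out the shared pointer would narrow that surface. `setupSeccomp` is defined outside the visible hunks, so the errors it can return cannot be checked here.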
@@ -5,1597 +5,1597 @@ package seccomp import ( "syscall" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/docker/engine-api/types" libseccomp "github.com/seccomp/libseccomp-golang" ) -func arches() []string { +func arches() []types.Arch { var native, err = libseccomp.GetNativeArch() if err != nil { - return []string{} + return []types.Arch{} } var a = native.String() switch a { case "amd64": - return []string{"amd64", "x86", "x32"} + return []types.Arch{types.ArchX86_64, types.ArchX86, types.ArchX32} case "arm64": - return []string{"arm64", "arm"} + return []types.Arch{types.ArchARM, types.ArchAARCH64} case "mips64": - return []string{"mips64", "mips64n32", "mips"} + return []types.Arch{types.ArchMIPS, types.ArchMIPS64, types.ArchMIPS64N32} case "mips64n32": - return []string{"mips64", "mips64n32", "mips"} + return []types.Arch{types.ArchMIPS, types.ArchMIPS64, types.ArchMIPS64N32} case "mipsel64": - return []string{"mipsel64", "mipsel64n32", "mipsel"} + return []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64, types.ArchMIPSEL64N32} case "mipsel64n32": - return []string{"mipsel64", "mipsel64n32", "mipsel"} + return []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64, types.ArchMIPSEL64N32} default: - return []string{a} + return []types.Arch{} } } -// defaultProfile defines the whitelist for the default seccomp profile. -var defaultProfile = &configs.Seccomp{ - DefaultAction: configs.Errno, +// DefaultProfile defines the whitelist for the default seccomp profile. 
+var DefaultProfile = &types.Seccomp{ + DefaultAction: types.ActErrno, Architectures: arches(), - Syscalls: []*configs.Syscall{ + Syscalls: []*types.Syscall{ { Name: "accept", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "accept4", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "access", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "alarm", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "arch_prctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "bind", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "brk", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "capget", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "capset", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "chdir", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "chmod", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "chown", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "chown32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "chroot", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "clock_getres", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: 
"clock_gettime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "clock_nanosleep", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "clone", - Action: configs.Allow, - Args: []*configs.Arg{ + Action: types.ActAllow, + Args: []*types.Arg{ { Index: 0, Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET, ValueTwo: 0, - Op: configs.MaskEqualTo, + Op: types.OpMaskedEqual, }, }, }, { Name: "close", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "connect", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "creat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "dup", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "dup2", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "dup3", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_create", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_create1", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_ctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_ctl_old", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_pwait", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_wait", - Action: 
configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "epoll_wait_old", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "eventfd", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "eventfd2", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "execve", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "execveat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "exit", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "exit_group", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "faccessat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fadvise64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fadvise64_64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fallocate", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fanotify_init", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fanotify_mark", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchdir", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchmod", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchmodat", - Action: 
configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchown", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchown32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fchownat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fcntl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fcntl64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fdatasync", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fgetxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "flistxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "flock", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fork", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fremovexattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fsetxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fstat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fstat64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fstatat64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fstatfs", - Action: configs.Allow, - Args: 
[]*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fstatfs64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "fsync", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ftruncate", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ftruncate64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "futex", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "futimesat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getcpu", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getcwd", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getdents", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getdents64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getegid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getegid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "geteuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "geteuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getgid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + 
Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getgroups", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getgroups32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getitimer", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getpeername", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getpgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getpgrp", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getpid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getppid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getpriority", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getrandom", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getresgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getresgid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getresuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getresuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getrlimit", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "get_robust_list", - Action: configs.Allow, - Args: 
[]*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getrusage", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getsid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getsockname", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getsockopt", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "get_thread_area", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "gettid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "gettimeofday", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "getxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "inotify_add_watch", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "inotify_init", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "inotify_init1", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "inotify_rm_watch", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "io_cancel", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ioctl", - Action: 
configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "io_destroy", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "io_getevents", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ioprio_get", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ioprio_set", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "io_setup", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "io_submit", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "kill", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lchown", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lchown32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lgetxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "link", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "linkat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "listen", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "listxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "llistxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "_llseek", - Action: configs.Allow, 
- Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lremovexattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lseek", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lsetxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lstat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "lstat64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "madvise", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "memfd_create", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mincore", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mkdir", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mkdirat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mknod", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mknodat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mlock", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mlockall", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mmap", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mmap2", - Action: configs.Allow, - Args: []*configs.Arg{}, + 
Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mprotect", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_getsetattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_notify", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_open", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_timedreceive", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_timedsend", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mq_unlink", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "mremap", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "msgctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "msgget", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "msgrcv", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "msgsnd", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "msync", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "munlock", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "munlockall", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "munmap", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: 
types.ActAllow, + Args: []*types.Arg{}, }, { Name: "nanosleep", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "newfstatat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "_newselect", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "open", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "openat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pause", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pipe", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pipe2", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "poll", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ppoll", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "prctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pread64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "preadv", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "prlimit64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pselect6", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "pwrite64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: 
[]*types.Arg{}, }, { Name: "pwritev", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "read", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "readahead", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "readlink", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "readlinkat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "readv", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "recv", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "recvfrom", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "recvmmsg", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "recvmsg", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "remap_file_pages", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "removexattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rename", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "renameat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "renameat2", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rmdir", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, 
{ Name: "rt_sigaction", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigpending", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigprocmask", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigqueueinfo", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigreturn", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigsuspend", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_sigtimedwait", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "rt_tgsigqueueinfo", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_getaffinity", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_getattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_getparam", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_get_priority_max", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_get_priority_min", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_getscheduler", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_rr_get_interval", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: 
"sched_setaffinity", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_setattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_setparam", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_setscheduler", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sched_yield", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "seccomp", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "select", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "semctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "semget", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "semop", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "semtimedop", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "send", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sendfile", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sendfile64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sendmmsg", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sendmsg", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { 
Name: "sendto", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setdomainname", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setfsgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setfsgid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setfsuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setfsuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setgid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setgroups", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setgroups32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sethostname", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setitimer", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setpgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setpriority", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setregid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setregid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, 
{ Name: "setresgid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setresgid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setresuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setresuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setreuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setreuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setrlimit", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "set_robust_list", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setsid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setsockopt", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "set_thread_area", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "set_tid_address", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setuid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setuid32", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "setxattr", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "shmat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: 
[]*types.Arg{}, }, { Name: "shmctl", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "shmdt", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "shmget", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "shutdown", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sigaltstack", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "signalfd", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "signalfd4", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sigreturn", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "socket", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "socketpair", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "splice", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "stat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "stat64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "statfs", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "statfs64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "symlink", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: 
"symlinkat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sync", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sync_file_range", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "syncfs", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "sysinfo", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "syslog", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "tee", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "tgkill", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "time", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timer_create", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timer_delete", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timerfd_create", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timerfd_gettime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timerfd_settime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timer_getoverrun", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "timer_gettime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: 
[]*types.Arg{}, }, { Name: "timer_settime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "times", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "tkill", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "truncate", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "truncate64", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "ugetrlimit", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "umask", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "uname", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "unlink", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "unlinkat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "utime", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "utimensat", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "utimes", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "vfork", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "vhangup", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "vmsplice", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: 
"wait4", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "waitid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "waitpid", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "write", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "writev", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, // i386 specific syscalls { Name: "modify_ldt", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, // arm specific syscalls { Name: "breakpoint", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "cacheflush", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, { Name: "set_tls", - Action: configs.Allow, - Args: []*configs.Arg{}, + Action: types.ActAllow, + Args: []*types.Arg{}, }, }, } diff --git a/profiles/seccomp/seccomp_unsupported.go b/profiles/seccomp/seccomp_unsupported.go index 780c7d051d..649632920a 100644 --- a/profiles/seccomp/seccomp_unsupported.go +++ b/profiles/seccomp/seccomp_unsupported.go @@ -2,9 +2,9 @@ package seccomp -import "github.com/opencontainers/runc/libcontainer/configs" +import "github.com/docker/engine-api/types" var ( - // defaultProfile is a nil pointer on unsupported systems. - defaultProfile *configs.Seccomp + // DefaultProfile is a nil pointer on unsupported systems. + DefaultProfile *types.Seccomp )
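Review bot: Exporting `DefaultProfile` in seccomp_unsupported.go makes the default seccomp profile a package-level pointer that any importing package can reassign or mutate, and in this file it is always nil, so a caller that dereferences it without a check will panic. If the export exists only so other packages can read the profile, consider keeping the variable unexported and handing it out through an accessor. Failing that, spell out the contract in the comment: `// DefaultProfile is nil on platforms without seccomp support; callers must nil-check it and must not modify it.` The counterpart declaration for supported platforms is outside this hunk, so whether it is exported the same way should be confirmed.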