ricochet-whitelist.seccomp
# Named constants for the argument filters used by rules later in this file.
# FIONREAD is referenced by the ioctl rule; the FUTEX_* names by the futex rule.
FIONREAD=0x541B
# futex operation codes (0-12), compared against arg1 of futex().
FUTEX_WAIT=0
FUTEX_WAKE=1
FUTEX_FD=2
FUTEX_REQUEUE=3
FUTEX_CMP_REQUEUE=4
FUTEX_WAKE_OP=5
FUTEX_LOCK_PI=6
FUTEX_UNLOCK_PI=7
FUTEX_TRYLOCK_PI=8
FUTEX_WAIT_BITSET=9
FUTEX_WAKE_BITSET=10
FUTEX_WAIT_REQUEUE_PI=11
FUTEX_CMP_REQUEUE_PI=12
# Flag bits that are OR-ed into an operation code.
FUTEX_PRIVATE_FLAG=128
FUTEX_CLOCK_REALTIME=256
# NOTE(review): FUTEX_CMD_MASK is defined but no rule on this page uses it; the
# futex rule matches arg1 by exact equality rather than masking off the flags.
FUTEX_CMD_MASK=~(FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME)
# *_PRIVATE variants: operation code with FUTEX_PRIVATE_FLAG set.
FUTEX_WAIT_PRIVATE=(FUTEX_WAIT | FUTEX_PRIVATE_FLAG)
FUTEX_WAKE_PRIVATE=(FUTEX_WAKE | FUTEX_PRIVATE_FLAG)
FUTEX_REQUEUE_PRIVATE=(FUTEX_REQUEUE | FUTEX_PRIVATE_FLAG)
FUTEX_CMP_REQUEUE_PRIVATE=(FUTEX_CMP_REQUEUE | FUTEX_PRIVATE_FLAG)
FUTEX_WAKE_OP_PRIVATE=(FUTEX_WAKE_OP | FUTEX_PRIVATE_FLAG)
FUTEX_LOCK_PI_PRIVATE=(FUTEX_LOCK_PI | FUTEX_PRIVATE_FLAG)
FUTEX_UNLOCK_PI_PRIVATE=(FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG)
FUTEX_TRYLOCK_PI_PRIVATE=(FUTEX_TRYLOCK_PI | FUTEX_PRIVATE_FLAG)
FUTEX_WAIT_BITSET_PRIVATE=(FUTEX_WAIT_BITSET | FUTEX_PRIVATE_FLAG)
FUTEX_WAKE_BITSET_PRIVATE=(FUTEX_WAKE_BITSET | FUTEX_PRIVATE_FLAG)
FUTEX_WAIT_REQUEUE_PI_PRIVATE=(FUTEX_WAIT_REQUEUE_PI | FUTEX_PRIVATE_FLAG)
FUTEX_CMP_REQUEUE_PI_PRIVATE=(FUTEX_CMP_REQUEUE_PI | FUTEX_PRIVATE_FLAG)
# Syscall allowlist. `name:1` admits the syscall with any arguments; `name: <expr>`
# admits it only when the expression over arg0..arg5 is true.
# NOTE(review): the action taken for syscalls not listed here is set by whatever
# loads this policy and is not visible in this file - confirm it is kill/deny.
#
# ioctl: only the listed request codes (arg1) are admitted.
# NOTE(review): the decimal request codes are undocumented. Several decode with
# _IOC type 0x64, which looks like DRM/graphics, and 35111 is 0x8927 - TODO confirm
# each one and replace it with a named constant so the list can be audited.
ioctl: (arg1 == TCGETS) || (arg1 == FIONREAD) || (arg1 == 35111) || (arg1 == 1074029664) || (arg1 == 1074291721) || (arg1 == 1074291822) || (arg1 == 1074553951) || (arg1 == 1075864669) || (arg1 == 1077961833) || (arg1 == 2148557923) || (arg1 == 3221775447) || (arg1 == 3221775469) || (arg1 == 3222037549) || (arg1 == 3222037606) || (arg1 == 3222299718) || (arg1 == 3222299739) || (arg1 == 3222299745) || (arg1 == 3222299748) || (arg1 == 3222299761) || (arg1 == 3222824050) || (arg1 == 3223872606)
poll:1
recvmsg:1
write:1
read:1
# futex: arg1 must equal one of the listed operation/flag combinations exactly.
# NOTE(review): `arg1 == FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME` relies on
# `|` binding tighter than `==`; parenthesising the right-hand side would remove
# the ambiguity - verify against the policy compiler's precedence rules.
futex: arg1 == FUTEX_CMP_REQUEUE_PRIVATE || arg1 == FUTEX_LOCK_PI_PRIVATE || arg1 == FUTEX_UNLOCK_PI_PRIVATE || arg1 == FUTEX_WAIT || arg1 == FUTEX_WAIT_BITSET_PRIVATE || arg1 == FUTEX_WAIT_PRIVATE || arg1 == FUTEX_WAKE_OP_PRIVATE || arg1 == FUTEX_WAKE_PRIVATE || arg1 == FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || arg1 == FUTEX_UNLOCK_PI || arg1 == FUTEX_WAKE
writev:1
sendmsg:1
stat:1
close:1
setrlimit:1
# NOTE(review): mprotect and mmap are admitted with no constraint on the
# protection argument, so this policy does not enforce W^X on its own.
mprotect:1
mmap:1
open:1
access:1
fstat:1
mincore:1
munmap:1
brk:1
lstat:1
memfd_create:1
ftruncate:1
# fcntl: only the listed commands (arg1) are admitted.
fcntl: (arg1 == F_DUPFD) || (arg1 == F_GETFD) || (arg1 == F_SETFD) || (arg1 == F_GETFL) || (arg1 == F_SETFL) || (arg1 == F_SETLK) || (arg1 == F_SETLKW)
rt_sigaction:1
getcwd:1
fstatfs:1
ppoll:1
select:1
sendto:1
recvfrom:1
# socket: admitted only for the listed (domain, type, protocol) combinations.
# `&?` is presumably a "bit is set" test, so that type flags OR-ed into arg1
# still match - confirm against the policy language reference.
# NOTE(review): the `AF_UNIX && arg1 &? SOCK_DGRAM` term has no protocol check,
# and AF_NETLINK/SOCK_RAW is admitted for protocol 0 and for the bare number 15
# (presumably NETLINK_KOBJECT_UEVENT - TODO confirm and name it).
socket: (arg0 == AF_UNIX && arg1 == SOCK_STREAM && arg2 == IPPROTO_IP) || (arg0 == AF_INET && arg1 &? SOCK_STREAM && arg2 == IPPROTO_TCP) || (arg0 == AF_INET && arg1 == SOCK_DGRAM && arg2 == IPPROTO_IP) || (arg0 == AF_INET && arg1 &? SOCK_STREAM && arg2 == IPPROTO_IP) || (arg0 == AF_INET6 && arg1 &? SOCK_STREAM && arg2 == IPPROTO_TCP) || (arg0 == AF_NETLINK && arg1 == SOCK_RAW && arg2 == IPPROTO_IP) || (arg0 == AF_UNIX && arg1 &? SOCK_STREAM && arg2 == 0) || (arg0 == AF_INET && arg1 &? SOCK_DGRAM && arg2 == IPPROTO_UDP) || (arg0 == AF_UNIX && arg1 &? SOCK_DGRAM) || (arg0 == AF_NETLINK && arg1 &? SOCK_RAW && arg2 == 15)
dup3:1
waitid:1
lseek:1
newfstatat:1
getdents:1
getsockname:1
rt_sigprocmask:1
set_robust_list:1
# NOTE(review): clone is admitted with any flags; if the sandboxed program only
# needs threads, consider filtering arg0 so namespace-creating flags are refused.
clone:1
socketpair:1
accept4:1
connect:1
pselect6:1
uname:1
# NOTE(review): personality is admitted with any argument; consider pinning the
# value(s) the program actually passes.
personality:1
statfs:1
eventfd2:1
fadvise64:1
geteuid:1
bind:1
getuid:1
sigaltstack:1
epoll_wait:1
readlinkat:1
getrandom:1
# setsockopt: level (arg1) must be 1 and option (arg2) one of those listed.
# NOTE(review): level 1 is presumably SOL_SOCKET and option 26 presumably
# SO_ATTACH_FILTER - TODO confirm and replace the bare numbers with names.
setsockopt: (arg1 == 1 && arg2 == SO_REUSEADDR) || (arg1 == 1 && arg2 == SO_BROADCAST) || (arg1 == 1 && arg2 == SO_SNDBUF) || (arg1 == 1 && arg2 == SO_RCVBUF) || (arg1 == 1 && arg2 == SO_OOBINLINE) || (arg1 == 1 && arg2 == SO_PRIORITY) || (arg1 == 1 && arg2 == SO_PASSCRED) || (arg1 == 1 && arg2 == 26)
mkdir:1
rmdir:1
link:1
getpeername:1
# prctl: only these four options (arg0) are admitted.
prctl: arg0 == PR_SET_NAME || arg0 == PR_SET_DUMPABLE || arg0 == PR_GET_TIMERSLACK || arg0 == PR_GET_NAME
dup2:1
exit_group:1
# NOTE(review): kill is admitted for any target pid and signal; what it can
# reach depends on the sandbox's PID namespace, which this file does not show.
kill:1
fdatasync:1
shmctl:1
name_to_handle_at:1
sched_setscheduler:1
rt_sigsuspend:1
mremap:1
inotify_add_watch:1
gettid:1
restart_syscall:1
umask:1
madvise:1
capget:1
exit:1
arch_prctl:1
epoll_create:1
setpriority:1
shmat:1
shmget:1
rename:1
getsockopt:1
chmod:1
pipe2:1
wait4:1
readlink:1
unlink:1
shmdt:1
pipe:1
set_tid_address:1
getegid:1
getrlimit:1
openat:1
flock:1
getresuid:1
getgid:1
shutdown:1
getresgid:1
getpid:1
getppid:1
# NOTE(review): setresuid, capset and setresgid are admitted without argument
# filters; confirm the program needs them after startup, otherwise drop them.
setresuid:1
capset:1
setresgid:1
sysinfo:1
inotify_init1:1
getgroups:1
clock_getres:1
clock_gettime:1
chdir:1
epoll_ctl:1
epoll_create1:1
sched_getaffinity:1
getrusage:1
setsid:1
listen:1
inotify_rm_watch:1
# NOTE(review): execve is admitted unconditionally. Whether a newly executed
# program stays under this same filter depends on how the policy is installed.
execve:1
# NOTE(review): this is the only rule written with a space after the colon.
gettimeofday: 1