1{
2	"defaultAction": "SCMP_ACT_ERRNO",
3	"archMap": [
4		{
5			"architecture": "SCMP_ARCH_X86_64",
6			"subArchitectures": [
7				"SCMP_ARCH_X86",
8				"SCMP_ARCH_X32"
9			]
10		},
11		{
12			"architecture": "SCMP_ARCH_AARCH64",
13			"subArchitectures": [
14				"SCMP_ARCH_ARM"
15			]
16		},
17		{
18			"architecture": "SCMP_ARCH_MIPS64",
19			"subArchitectures": [
20				"SCMP_ARCH_MIPS",
21				"SCMP_ARCH_MIPS64N32"
22			]
23		},
24		{
25			"architecture": "SCMP_ARCH_MIPS64N32",
26			"subArchitectures": [
27				"SCMP_ARCH_MIPS",
28				"SCMP_ARCH_MIPS64"
29			]
30		},
31		{
32			"architecture": "SCMP_ARCH_MIPSEL64",
33			"subArchitectures": [
34				"SCMP_ARCH_MIPSEL",
35				"SCMP_ARCH_MIPSEL64N32"
36			]
37		},
38		{
39			"architecture": "SCMP_ARCH_MIPSEL64N32",
40			"subArchitectures": [
41				"SCMP_ARCH_MIPSEL",
42				"SCMP_ARCH_MIPSEL64"
43			]
44		},
45		{
46			"architecture": "SCMP_ARCH_S390X",
47			"subArchitectures": [
48				"SCMP_ARCH_S390"
49			]
50		}
51	],
52	"syscalls": [
53		{
54			"names": [
55				"accept",
56				"accept4",
57				"access",
58				"adjtimex",
59				"alarm",
60				"bind",
61				"brk",
62				"capget",
63				"capset",
64				"chdir",
65				"chmod",
66				"chown",
67				"chown32",
68				"clock_getres",
69				"clock_getres_time64",
70				"clock_gettime",
71				"clock_gettime64",
72				"clock_nanosleep",
73				"clock_nanosleep_time64",
74				"close",
75				"connect",
76				"copy_file_range",
77				"creat",
78				"dup",
79				"dup2",
80				"dup3",
81				"epoll_create",
82				"epoll_create1",
83				"epoll_ctl",
84				"epoll_ctl_old",
85				"epoll_pwait",
86				"epoll_wait",
87				"epoll_wait_old",
88				"eventfd",
89				"eventfd2",
90				"execve",
91				"execveat",
92				"exit",
93				"exit_group",
94				"faccessat",
95				"fadvise64",
96				"fadvise64_64",
97				"fallocate",
98				"fanotify_mark",
99				"fchdir",
100				"fchmod",
101				"fchmodat",
102				"fchown",
103				"fchown32",
104				"fchownat",
105				"fcntl",
106				"fcntl64",
107				"fdatasync",
108				"fgetxattr",
109				"flistxattr",
110				"flock",
111				"fork",
112				"fremovexattr",
113				"fsetxattr",
114				"fstat",
115				"fstat64",
116				"fstatat64",
117				"fstatfs",
118				"fstatfs64",
119				"fsync",
120				"ftruncate",
121				"ftruncate64",
122				"futex",
123				"futex_time64",
124				"futimesat",
125				"getcpu",
126				"getcwd",
127				"getdents",
128				"getdents64",
129				"getegid",
130				"getegid32",
131				"geteuid",
132				"geteuid32",
133				"getgid",
134				"getgid32",
135				"getgroups",
136				"getgroups32",
137				"getitimer",
138				"getpeername",
139				"getpgid",
140				"getpgrp",
141				"getpid",
142				"getppid",
143				"getpriority",
144				"getrandom",
145				"getresgid",
146				"getresgid32",
147				"getresuid",
148				"getresuid32",
149				"getrlimit",
150				"get_robust_list",
151				"getrusage",
152				"getsid",
153				"getsockname",
154				"getsockopt",
155				"get_thread_area",
156				"gettid",
157				"gettimeofday",
158				"getuid",
159				"getuid32",
160				"getxattr",
161				"inotify_add_watch",
162				"inotify_init",
163				"inotify_init1",
164				"inotify_rm_watch",
165				"io_cancel",
166				"ioctl",
167				"io_destroy",
168				"io_getevents",
169				"io_pgetevents",
170				"io_pgetevents_time64",
171				"ioprio_get",
172				"ioprio_set",
173				"io_setup",
174				"io_submit",
175				"ipc",
176				"kill",
177				"lchown",
178				"lchown32",
179				"lgetxattr",
180				"link",
181				"linkat",
182				"listen",
183				"listxattr",
184				"llistxattr",
185				"_llseek",
186				"lremovexattr",
187				"lseek",
188				"lsetxattr",
189				"lstat",
190				"lstat64",
191				"madvise",
192				"memfd_create",
193				"mincore",
194				"mkdir",
195				"mkdirat",
196				"mknod",
197				"mknodat",
198				"mlock",
199				"mlock2",
200				"mlockall",
201				"mmap",
202				"mmap2",
203				"mprotect",
204				"mq_getsetattr",
205				"mq_notify",
206				"mq_open",
207				"mq_timedreceive",
208				"mq_timedreceive_time64",
209				"mq_timedsend",
210				"mq_timedsend_time64",
211				"mq_unlink",
212				"mremap",
213				"msgctl",
214				"msgget",
215				"msgrcv",
216				"msgsnd",
217				"msync",
218				"munlock",
219				"munlockall",
220				"munmap",
221				"nanosleep",
222				"newfstatat",
223				"_newselect",
224				"open",
225				"openat",
226				"pause",
227				"pipe",
228				"pipe2",
229				"poll",
230				"ppoll",
231				"ppoll_time64",
232				"prctl",
233				"pread64",
234				"preadv",
235				"preadv2",
236				"prlimit64",
237				"pselect6",
238				"pselect6_time64",
239				"pwrite64",
240				"pwritev",
241				"pwritev2",
242				"read",
243				"readahead",
244				"readlink",
245				"readlinkat",
246				"readv",
247				"recv",
248				"recvfrom",
249				"recvmmsg",
250				"recvmmsg_time64",
251				"recvmsg",
252				"remap_file_pages",
253				"removexattr",
254				"rename",
255				"renameat",
256				"renameat2",
257				"restart_syscall",
258				"rmdir",
259				"rt_sigaction",
260				"rt_sigpending",
261				"rt_sigprocmask",
262				"rt_sigqueueinfo",
263				"rt_sigreturn",
264				"rt_sigsuspend",
265				"rt_sigtimedwait",
266				"rt_sigtimedwait_time64",
267				"rt_tgsigqueueinfo",
268				"sched_getaffinity",
269				"sched_getattr",
270				"sched_getparam",
271				"sched_get_priority_max",
272				"sched_get_priority_min",
273				"sched_getscheduler",
274				"sched_rr_get_interval",
275				"sched_rr_get_interval_time64",
276				"sched_setaffinity",
277				"sched_setattr",
278				"sched_setparam",
279				"sched_setscheduler",
280				"sched_yield",
281				"seccomp",
282				"select",
283				"semctl",
284				"semget",
285				"semop",
286				"semtimedop",
287				"semtimedop_time64",
288				"send",
289				"sendfile",
290				"sendfile64",
291				"sendmmsg",
292				"sendmsg",
293				"sendto",
294				"setfsgid",
295				"setfsgid32",
296				"setfsuid",
297				"setfsuid32",
298				"setgid",
299				"setgid32",
300				"setgroups",
301				"setgroups32",
302				"setitimer",
303				"setpgid",
304				"setpriority",
305				"setregid",
306				"setregid32",
307				"setresgid",
308				"setresgid32",
309				"setresuid",
310				"setresuid32",
311				"setreuid",
312				"setreuid32",
313				"setrlimit",
314				"set_robust_list",
315				"setsid",
316				"setsockopt",
317				"set_thread_area",
318				"set_tid_address",
319				"setuid",
320				"setuid32",
321				"setxattr",
322				"shmat",
323				"shmctl",
324				"shmdt",
325				"shmget",
326				"shutdown",
327				"sigaltstack",
328				"signalfd",
329				"signalfd4",
330				"sigprocmask",
331				"sigreturn",
332				"socket",
333				"socketcall",
334				"socketpair",
335				"splice",
336				"stat",
337				"stat64",
338				"statfs",
339				"statfs64",
340				"statx",
341				"symlink",
342				"symlinkat",
343				"sync",
344				"sync_file_range",
345				"syncfs",
346				"sysinfo",
347				"tee",
348				"tgkill",
349				"time",
350				"timer_create",
351				"timer_delete",
352				"timer_getoverrun",
353				"timer_gettime",
354				"timer_gettime64",
355				"timer_settime",
356				"timer_settime64",
357				"timerfd_create",
358				"timerfd_gettime",
359				"timerfd_gettime64",
360				"timerfd_settime",
361				"timerfd_settime64",
362				"times",
363				"tkill",
364				"truncate",
365				"truncate64",
366				"ugetrlimit",
367				"umask",
368				"uname",
369				"unlink",
370				"unlinkat",
371				"utime",
372				"utimensat",
373				"utimensat_time64",
374				"utimes",
375				"vfork",
376				"vmsplice",
377				"wait4",
378				"waitid",
379				"waitpid",
380				"write",
381				"writev"
382			],
383			"action": "SCMP_ACT_ALLOW",
384			"args": [],
385			"comment": "",
386			"includes": {},
387			"excludes": {}
388		},
389		{
390			"names": [
391				"ptrace"
392			],
393			"action": "SCMP_ACT_ALLOW",
394			"args": null,
395			"comment": "",
396			"includes": {
397				"minKernel": "4.8"
398			},
399			"excludes": {}
400		},
401		{
402			"names": [
403				"personality"
404			],
405			"action": "SCMP_ACT_ALLOW",
406			"args": [
407				{
408					"index": 0,
409					"value": 0,
410					"valueTwo": 0,
411					"op": "SCMP_CMP_EQ"
412				}
413			],
414			"comment": "",
415			"includes": {},
416			"excludes": {}
417		},
418		{
419			"names": [
420				"personality"
421			],
422			"action": "SCMP_ACT_ALLOW",
423			"args": [
424				{
425					"index": 0,
426					"value": 8,
427					"valueTwo": 0,
428					"op": "SCMP_CMP_EQ"
429				}
430			],
431			"comment": "",
432			"includes": {},
433			"excludes": {}
434		},
435		{
436			"names": [
437				"personality"
438			],
439			"action": "SCMP_ACT_ALLOW",
440			"args": [
441				{
442					"index": 0,
443					"value": 131072,
444					"valueTwo": 0,
445					"op": "SCMP_CMP_EQ"
446				}
447			],
448			"comment": "",
449			"includes": {},
450			"excludes": {}
451		},
452		{
453			"names": [
454				"personality"
455			],
456			"action": "SCMP_ACT_ALLOW",
457			"args": [
458				{
459					"index": 0,
460					"value": 131080,
461					"valueTwo": 0,
462					"op": "SCMP_CMP_EQ"
463				}
464			],
465			"comment": "",
466			"includes": {},
467			"excludes": {}
468		},
469		{
470			"names": [
471				"personality"
472			],
473			"action": "SCMP_ACT_ALLOW",
474			"args": [
475				{
476					"index": 0,
477					"value": 4294967295,
478					"valueTwo": 0,
479					"op": "SCMP_CMP_EQ"
480				}
481			],
482			"comment": "",
483			"includes": {},
484			"excludes": {}
485		},
486		{
487			"names": [
488				"sync_file_range2"
489			],
490			"action": "SCMP_ACT_ALLOW",
491			"args": [],
492			"comment": "",
493			"includes": {
494				"arches": [
495					"ppc64le"
496				]
497			},
498			"excludes": {}
499		},
500		{
501			"names": [
502				"arm_fadvise64_64",
503				"arm_sync_file_range",
504				"sync_file_range2",
505				"breakpoint",
506				"cacheflush",
507				"set_tls"
508			],
509			"action": "SCMP_ACT_ALLOW",
510			"args": [],
511			"comment": "",
512			"includes": {
513				"arches": [
514					"arm",
515					"arm64"
516				]
517			},
518			"excludes": {}
519		},
520		{
521			"names": [
522				"arch_prctl"
523			],
524			"action": "SCMP_ACT_ALLOW",
525			"args": [],
526			"comment": "",
527			"includes": {
528				"arches": [
529					"amd64",
530					"x32"
531				]
532			},
533			"excludes": {}
534		},
535		{
536			"names": [
537				"modify_ldt"
538			],
539			"action": "SCMP_ACT_ALLOW",
540			"args": [],
541			"comment": "",
542			"includes": {
543				"arches": [
544					"amd64",
545					"x32",
546					"x86"
547				]
548			},
549			"excludes": {}
550		},
551		{
552			"names": [
553				"s390_pci_mmio_read",
554				"s390_pci_mmio_write",
555				"s390_runtime_instr"
556			],
557			"action": "SCMP_ACT_ALLOW",
558			"args": [],
559			"comment": "",
560			"includes": {
561				"arches": [
562					"s390",
563					"s390x"
564				]
565			},
566			"excludes": {}
567		},
568		{
569			"names": [
570				"open_by_handle_at"
571			],
572			"action": "SCMP_ACT_ALLOW",
573			"args": [],
574			"comment": "",
575			"includes": {
576				"caps": [
577					"CAP_DAC_READ_SEARCH"
578				]
579			},
580			"excludes": {}
581		},
582		{
583			"names": [
584				"bpf",
585				"clone",
586				"fanotify_init",
587				"lookup_dcookie",
588				"mount",
589				"name_to_handle_at",
590				"perf_event_open",
591				"quotactl",
592				"setdomainname",
593				"sethostname",
594				"setns",
595				"syslog",
596				"umount",
597				"umount2",
598				"unshare"
599			],
600			"action": "SCMP_ACT_ALLOW",
601			"args": [],
602			"comment": "",
603			"includes": {
604				"caps": [
605					"CAP_SYS_ADMIN"
606				]
607			},
608			"excludes": {}
609		},
610		{
611			"names": [
612				"clone"
613			],
614			"action": "SCMP_ACT_ALLOW",
615			"args": [
616				{
617					"index": 0,
618					"value": 2080505856,
619					"valueTwo": 0,
620					"op": "SCMP_CMP_MASKED_EQ"
621				}
622			],
623			"comment": "",
624			"includes": {},
625			"excludes": {
626				"caps": [
627					"CAP_SYS_ADMIN"
628				],
629				"arches": [
630					"s390",
631					"s390x"
632				]
633			}
634		},
635		{
636			"names": [
637				"clone"
638			],
639			"action": "SCMP_ACT_ALLOW",
640			"args": [
641				{
642					"index": 1,
643					"value": 2080505856,
644					"valueTwo": 0,
645					"op": "SCMP_CMP_MASKED_EQ"
646				}
647			],
648			"comment": "s390 parameter ordering for clone is different: the flags argument is at index 1 instead of index 0",
649			"includes": {
650				"arches": [
651					"s390",
652					"s390x"
653				]
654			},
655			"excludes": {
656				"caps": [
657					"CAP_SYS_ADMIN"
658				]
659			}
660		},
661		{
662			"names": [
663				"reboot"
664			],
665			"action": "SCMP_ACT_ALLOW",
666			"args": [],
667			"comment": "",
668			"includes": {
669				"caps": [
670					"CAP_SYS_BOOT"
671				]
672			},
673			"excludes": {}
674		},
675		{
676			"names": [
677				"chroot"
678			],
679			"action": "SCMP_ACT_ALLOW",
680			"args": [],
681			"comment": "",
682			"includes": {
683				"caps": [
684					"CAP_SYS_CHROOT"
685				]
686			},
687			"excludes": {}
688		},
689		{
690			"names": [
691				"delete_module",
692				"init_module",
693				"finit_module",
694				"query_module"
695			],
696			"action": "SCMP_ACT_ALLOW",
697			"args": [],
698			"comment": "",
699			"includes": {
700				"caps": [
701					"CAP_SYS_MODULE"
702				]
703			},
704			"excludes": {}
705		},
706		{
707			"names": [
708				"acct"
709			],
710			"action": "SCMP_ACT_ALLOW",
711			"args": [],
712			"comment": "",
713			"includes": {
714				"caps": [
715					"CAP_SYS_PACCT"
716				]
717			},
718			"excludes": {}
719		},
720		{
721			"names": [
722				"kcmp",
723				"process_vm_readv",
724				"process_vm_writev",
725				"ptrace"
726			],
727			"action": "SCMP_ACT_ALLOW",
728			"args": [],
729			"comment": "",
730			"includes": {
731				"caps": [
732					"CAP_SYS_PTRACE"
733				]
734			},
735			"excludes": {}
736		},
737		{
738			"names": [
739				"iopl",
740				"ioperm"
741			],
742			"action": "SCMP_ACT_ALLOW",
743			"args": [],
744			"comment": "",
745			"includes": {
746				"caps": [
747					"CAP_SYS_RAWIO"
748				]
749			},
750			"excludes": {}
751		},
752		{
753			"names": [
754				"settimeofday",
755				"stime",
756				"clock_settime"
757			],
758			"action": "SCMP_ACT_ALLOW",
759			"args": [],
760			"comment": "",
761			"includes": {
762				"caps": [
763					"CAP_SYS_TIME"
764				]
765			},
766			"excludes": {}
767		},
768		{
769			"names": [
770				"vhangup"
771			],
772			"action": "SCMP_ACT_ALLOW",
773			"args": [],
774			"comment": "",
775			"includes": {
776				"caps": [
777					"CAP_SYS_TTY_CONFIG"
778				]
779			},
780			"excludes": {}
781		},
782		{
783			"names": [
784				"get_mempolicy",
785				"mbind",
786				"set_mempolicy"
787			],
788			"action": "SCMP_ACT_ALLOW",
789			"args": [],
790			"comment": "",
791			"includes": {
792				"caps": [
793					"CAP_SYS_NICE"
794				]
795			},
796			"excludes": {}
797		},
798		{
799			"names": [
800				"syslog"
801			],
802			"action": "SCMP_ACT_ALLOW",
803			"args": [],
804			"comment": "",
805			"includes": {
806				"caps": [
807					"CAP_SYSLOG"
808				]
809			},
810			"excludes": {}
811		}
812	]
813}