Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/aarch64/block_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/9p_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/block_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/fs_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/tpm_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/xhci.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/9p_device.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/block_device.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/fs_device.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/gpu_device.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/tpm_device.policy | 1 |
11 files changed, 11 insertions, 0 deletions
diff --git a/seccomp/aarch64/block_device.policy b/seccomp/aarch64/block_device.policy
index 14287e3..cf1816a 100644
--- a/seccomp/aarch64/block_device.policy
+++ b/seccomp/aarch64/block_device.policy
@@ -12,6 +12,7 @@ ftruncate: 1
 lseek: 1
 preadv: 1
 pwritev: 1
+statx: 1
 timerfd_create: 1
 timerfd_gettime: 1
 timerfd_settime: 1
diff --git a/seccomp/arm/9p_device.policy b/seccomp/arm/9p_device.policy
index dc369e3..b24d439 100644
--- a/seccomp/arm/9p_device.policy
+++ b/seccomp/arm/9p_device.policy
@@ -11,6 +11,7 @@ pread64: 1
 pwrite64: 1
 lstat64: 1
 stat64: 1
+statx: 1
 fstat64: 1
 ioctl: arg1 == FIOCLEX
 getdents64: 1
diff --git a/seccomp/arm/block_device.policy b/seccomp/arm/block_device.policy
index fad0cc0..bc25f07 100644
--- a/seccomp/arm/block_device.policy
+++ b/seccomp/arm/block_device.policy
@@ -14,6 +14,7 @@ pread64: 1
 preadv: 1
 pwrite64: 1
 pwritev: 1
+statx: 1
 timerfd_create: 1
 timerfd_gettime: 1
 timerfd_settime: 1
diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy
index 0708ec8..6224247 100644
--- a/seccomp/arm/fs_device.policy
+++ b/seccomp/arm/fs_device.policy
@@ -27,6 +27,7 @@ readlinkat: 1
 renameat2: 1
 setresgid32: 1
 setresuid32: 1
+statx: 1
 symlinkat: 1
 umask: 1
 unlinkat: 1
diff --git a/seccomp/arm/tpm_device.policy b/seccomp/arm/tpm_device.policy
index d91626d..f21201d 100644
--- a/seccomp/arm/tpm_device.policy
+++ b/seccomp/arm/tpm_device.policy
@@ -56,3 +56,4 @@ open: 1
 openat: 1
 socket: return EACCES
 stat: 1
+statx: 1
diff --git a/seccomp/arm/xhci.policy b/seccomp/arm/xhci.policy
index e13d468..7815e42 100644
--- a/seccomp/arm/xhci.policy
+++ b/seccomp/arm/xhci.policy
@@ -23,6 +23,7 @@ bind: 1
 fcntl: 1
 socket: arg0 == AF_NETLINK
 stat: 1
+statx: 1
 uname: 1
 # The following ioctls are:
 # 0x4004550d == USBDEVFS_REAPURBNDELAY32
diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy
index e1bddde..498ce6c 100644
--- a/seccomp/x86_64/9p_device.policy
+++ b/seccomp/x86_64/9p_device.policy
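Review bot: The aarch64 set gets `statx` only in block_device.policy, while the arm and x86_64 sets also get it in their 9p, fs and tpm policies (plus xhci on arm and gpu on x86_64). If aarch64 policies for those devices exist and do not already list statx, the same call made by those device processes would still fall through to the filter's default action, which typically ends the sandboxed process. It is worth confirming that the gap is intentional, and likewise for x86_64/xhci.policy and any arm gpu policy, neither of which this commit touches.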
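Review bot: `statx: 1` in the block device policies (this hunk, and the aarch64 and x86_64 block_device hunks) allows the call with any dirfd, path and flags, whereas the neighbouring entries visible here are fd-based I/O and no other stat-family call appears in the hunk context; the rest of the policy is outside the hunk. If the device only needs metadata of a file it already has open, consider narrowing the rule on the flags argument, e.g. `statx: arg2 & 0x1000` (AT_EMPTY_PATH), so the entry cannot be used for path lookups. Check first that the library issuing the call does not also make a statx call with other flags, otherwise the tighter rule will trip the filter. Either way, a one-line `#` comment above the entry naming the caller that needs statx would record why it is on the allowlist.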
@@ -10,6 +10,7 @@ openat: 1
 writev: 1
 pwrite64: 1
 stat: 1
+statx: 1
 lstat: 1
 fstat: 1
 ioctl: arg1 == FIOCLEX
diff --git a/seccomp/x86_64/block_device.policy b/seccomp/x86_64/block_device.policy
index c1ddf26..66d7d0d 100644
--- a/seccomp/x86_64/block_device.policy
+++ b/seccomp/x86_64/block_device.policy
@@ -14,6 +14,7 @@ pread64: 1
 preadv: 1
 pwrite64: 1
 pwritev: 1
+statx: 1
 timerfd_create: 1
 timerfd_gettime: 1
 timerfd_settime: 1
diff --git a/seccomp/x86_64/fs_device.policy b/seccomp/x86_64/fs_device.policy
index 20db0bf..8fbb556 100644
--- a/seccomp/x86_64/fs_device.policy
+++ b/seccomp/x86_64/fs_device.policy
@@ -28,6 +28,7 @@ renameat2: 1
 setresgid: 1
 setresuid: 1
 symlinkat: 1
+statx: 1
 umask: 1
 unlinkat: 1
 utimensat: 1
\ No newline at end of file
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index b98dbd2..23b6b6c 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -68,6 +68,7 @@ openat: 1
 readlink: 1
 socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
 stat: 1
+statx: 1
 sysinfo: 1
 # Rules specific to AMD gpus.
diff --git a/seccomp/x86_64/tpm_device.policy b/seccomp/x86_64/tpm_device.policy
index c3e727d..7e6d8c9 100644
--- a/seccomp/x86_64/tpm_device.policy
+++ b/seccomp/x86_64/tpm_device.policy
@@ -55,3 +55,4 @@ open: 1
 openat: 1
 socket: return EACCES
 stat: 1
+statx: 1
|
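Review bot: In x86_64/fs_device.policy `statx: 1` is inserted after `symlinkat: 1`, while the arm/fs_device.policy hunk places it before `symlinkat: 1`; the entries around it are alphabetical, so the x86_64 placement breaks the ordering. Moving it up one line (`statx: 1` then `symlinkat: 1`) keeps the two architecture variants line-for-line comparable, which helps when auditing the allowlists against each other. The hunk also shows that the file still ends without a trailing newline after `utimensat: 1`.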