Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/aarch64/9s.policy | 61 | ||||
-rw-r--r-- | seccomp/x86_64/9s.policy | 60 |
2 files changed, 121 insertions, 0 deletions
diff --git a/seccomp/aarch64/9s.policy b/seccomp/aarch64/9s.policy
new file mode 100644
index 0000000..37325d3
--- /dev/null
+++ b/seccomp/aarch64/9s.policy
@@ -0,0 +1,61 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+read: 1
+write: 1
+stat64: 1
+open: 1
+close: 1
+fstat64: 1
+lstat64: 1
+getdents64: 1
+ioctl: arg1 == FIOCLEX
+pread64: 1
+pwrite64: 1
+# Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit
+# negation, thus the manually negated mask constant.
+mmap2: arg2 in 0xfffffffb
+mprotect: arg2 in 0xfffffffb
+rt_sigaction: 1
+sigaltstack: 1
+munmap: 1
+utimensat: 1
+brk: 1
+uname: 1
+accept4: 1
+mkdir: 1
+sched_getaffinity: 1
+getpid: 1
+ugetrlimit: 1
+set_robust_list: 1
+fcntl64: 1
+socket: arg0 == AF_UNIX || arg0 == AF_VSOCK
+gettimeofday: 1
+restart_syscall: 1
+exit_group: 1
+rt_sigreturn: 1
+rename: 1
+ftruncate64: 1
+connect: 1
+madvise: 1
+rt_sigprocmask: 1
+access: 1
+ARM_set_tls: 1
+_llseek: 1
+exit: 1
+fdatasync: 1
+set_tid_address: 1
+listen: 1
+# Disallow clone's other than new threads.
+clone: arg0 & 0x00010000
+statfs64: 1
+link: 1
+unlink: 1
+fsync: 1
+futex: 1
+bind: 1
+rmdir: 1
+# Calling fchown with -1 as the uid/gid will change the ctime but do nothing else.
+fchown: arg1 == 0xffffffff && arg2 == 0xffffffff
+mremap: 1
diff --git a/seccomp/x86_64/9s.policy b/seccomp/x86_64/9s.policy
new file mode 100644
index 0000000..75cf032
--- /dev/null
+++ b/seccomp/x86_64/9s.policy
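Review bot: The `clone: arg0 & 0x00010000` rule in seccomp/aarch64/9s.policy (repeated unchanged in seccomp/x86_64/9s.policy) only requires that the CLONE_THREAD bit be set, so any other flag combined with it also passes the filter, which is broader than the comment "Disallow clone's other than new threads" suggests. The kernel rejects some of those combinations on its own, but the policy would be easier to audit if it also bounded the remaining bits. If threads are only created through pthread_create, something like `clone: arg0 & 0x00010000 && arg0 in 0x003d0f00` would express that, assuming the policy compiler accepts the two tests joined with `&&`. The mask is the usual glibc thread flag set and should be confirmed against the clone calls the server actually makes.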
@@ -0,0 +1,60 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+read: 1
+write: 1
+lstat: 1
+stat: 1
+open: 1
+close: 1
+fstat: 1
+getdents: 1
+ioctl: arg1 == FIOCLEX
+pwrite64: 1
+pread64: 1
+# Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit
+# negation, thus the manually negated mask constant.
+mmap: arg2 in 0xfffffffb
+mprotect: arg2 in 0xfffffffb
+utimensat: 1
+rt_sigaction: 1
+statfs: 1
+sigaltstack: 1
+munmap: 1
+brk: 1
+accept4: 1
+sched_getaffinity: 1
+getpid: 1
+getrlimit: 1
+fcntl: 1
+set_robust_list: 1
+link: 1
+socket: arg0 == AF_UNIX || arg0 == AF_VSOCK
+restart_syscall: 1
+exit_group: 1
+rt_sigreturn: 1
+lseek: 1
+uname: 1
+connect: 1
+rt_sigprocmask: 1
+arch_prctl: 1
+access: 1
+exit: 1
+set_tid_address: 1
+listen: 1
+# Disallow clone's other than new threads.
+clone: arg0 & 0x00010000
+unlink: 1
+madvise: 1
+futex: 1
+bind: 1
+rmdir: 1
+# Calling fchown with -1 as the uid/gid will change the ctime but do nothing else.
+fchown: arg1 == 0xffffffff && arg2 == 0xffffffff
+fsync: 1
+fdatasync: 1
+ftruncate: 1
+mkdir: 1
+mremap: 1
+rename: 1 |
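Review bot: The `fchown: arg1 == 0xffffffff && arg2 == 0xffffffff` rule depends on the caller passing the 32-bit -1 zero-extended, because on x86_64 the seccomp arguments are 64-bit values and the comparison is presumably made on the full register. A sign-extended -1 would miss the rule and fall through to the default action, so it fails closed, but the resulting denial would be hard to diagnose. I would extend the comment above the rule, e.g. `# uid/gid are 32-bit: -1 must arrive zero-extended as 0xffffffff for this rule to match.`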