1673 lines
36 KiB
JSON
1673 lines
36 KiB
JSON
{
|
|
"ociVersion": "1.0.0-rc5-dev",
|
|
"platform": {
|
|
"os": "linux",
|
|
"arch": "amd64"
|
|
},
|
|
"process": {
|
|
"terminal": true,
|
|
"consoleSize": {
|
|
"height": 0,
|
|
"width": 0
|
|
},
|
|
"user": {
|
|
"uid": 5,
|
|
"gid": 3
|
|
},
|
|
"args": [
|
|
"/bin/bash",
|
|
"-x",
|
|
"sleep",
|
|
"5"
|
|
],
|
|
"env": [
|
|
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
|
"HOSTNAME=7facfe3313cd",
|
|
"TERM=xterm"
|
|
],
|
|
"cwd": "/",
|
|
"capabilities": [
|
|
"CAP_CHOWN",
|
|
"CAP_DAC_OVERRIDE",
|
|
"CAP_FSETID",
|
|
"CAP_FOWNER",
|
|
"CAP_MKNOD",
|
|
"CAP_NET_RAW",
|
|
"CAP_SETGID",
|
|
"CAP_SETUID",
|
|
"CAP_SETFCAP",
|
|
"CAP_SETPCAP",
|
|
"CAP_NET_BIND_SERVICE",
|
|
"CAP_SYS_CHROOT",
|
|
"CAP_KILL",
|
|
"CAP_AUDIT_WRITE"
|
|
],
|
|
"rlimits": [
|
|
{
|
|
"type": "RLIMIT_NOFILE",
|
|
"hard": 1024,
|
|
"soft": 1024
|
|
},
|
|
{
|
|
"type": "RLIMIT_CPU",
|
|
"hard": 124,
|
|
"soft": 109994
|
|
}
|
|
],
|
|
"apparmorProfile": "docker-default",
|
|
"selinuxLabel": "docker-default-selinux"
|
|
},
|
|
"root": {
|
|
"path": "/var/lib/docker/aufs/mnt/30c8ae0af789e1c313726584699c1ce351e0a4e056885096423235bcbfc6c61a"
|
|
},
|
|
"hostname": "7facfe3313cd",
|
|
"mounts": [
|
|
{
|
|
"destination": "/proc",
|
|
"type": "proc",
|
|
"source": "proc",
|
|
"options": [
|
|
"nosuid",
|
|
"noexec",
|
|
"nodev"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/dev",
|
|
"type": "tmpfs",
|
|
"source": "tmpfs",
|
|
"options": [
|
|
"nosuid",
|
|
"strictatime",
|
|
"mode=755"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/dev/pts",
|
|
"type": "devpts",
|
|
"source": "devpts",
|
|
"options": [
|
|
"nosuid",
|
|
"noexec",
|
|
"newinstance",
|
|
"ptmxmode=0666",
|
|
"mode=0620",
|
|
"gid=5"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/sys",
|
|
"type": "sysfs",
|
|
"source": "sysfs",
|
|
"options": [
|
|
"nosuid",
|
|
"noexec",
|
|
"nodev",
|
|
"ro"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/sys/fs/cgroup",
|
|
"type": "cgroup",
|
|
"source": "cgroup",
|
|
"options": [
|
|
"ro",
|
|
"nosuid",
|
|
"noexec",
|
|
"nodev"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/dev/mqueue",
|
|
"type": "mqueue",
|
|
"source": "mqueue",
|
|
"options": [
|
|
"nosuid",
|
|
"noexec",
|
|
"nodev"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/etc/resolv.conf",
|
|
"type": "bind",
|
|
"source": "/var/lib/docker/containers/7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c/resolv.conf",
|
|
"options": [
|
|
"rbind",
|
|
"rprivate"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/etc/hostname",
|
|
"type": "bind",
|
|
"source": "/var/lib/docker/containers/7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c/hostname",
|
|
"options": [
|
|
"rbind",
|
|
"rprivate"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/etc/hosts",
|
|
"type": "bind",
|
|
"source": "/var/lib/docker/containers/7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c/hosts",
|
|
"options": [
|
|
"rbind",
|
|
"rprivate"
|
|
]
|
|
},
|
|
{
|
|
"destination": "/dev/shm",
|
|
"type": "bind",
|
|
"source": "/var/lib/docker/containers/7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c/shm",
|
|
"options": [
|
|
"rbind",
|
|
"rprivate"
|
|
]
|
|
}
|
|
],
|
|
"hooks": {
|
|
"prestart": [
|
|
{
|
|
"path": "/usr/bin/dockerd",
|
|
"args": [
|
|
"libnetwork-setkey",
|
|
"7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c",
|
|
"007ddd4074870397cf56b5fc958fdcea04314b7bfeaaf8104e13b9c980ed6ac4"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"linux": {
|
|
"uidMappings": [
|
|
{
|
|
"hostID": 1002,
|
|
"containerID": 0,
|
|
"size": 32002
|
|
}
|
|
],
|
|
"gidMappings": [
|
|
{
|
|
"hostID": 1001,
|
|
"containerID": 0,
|
|
"size": 32001
|
|
}
|
|
],
|
|
"resources": {
|
|
"devices": [
|
|
{
|
|
"allow": false,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 1,
|
|
"minor": 5,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 1,
|
|
"minor": 3,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 1,
|
|
"minor": 9,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 1,
|
|
"minor": 8,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 5,
|
|
"minor": 0,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": true,
|
|
"type": "c",
|
|
"major": 5,
|
|
"minor": 1,
|
|
"access": "rwm"
|
|
},
|
|
{
|
|
"allow": false,
|
|
"type": "c",
|
|
"major": 10,
|
|
"minor": 229,
|
|
"access": "rwm"
|
|
}
|
|
],
|
|
"disableOOMKiller": false,
|
|
"memory": {
|
|
"limit": 536870912,
|
|
"reservation": 536870912,
|
|
"swap": 536870912,
|
|
"kernel": 0,
|
|
"kernelTCP": 0,
|
|
"swappiness": 20
|
|
},
|
|
"cpu": {
|
|
"shares": 1024,
|
|
"quota": 1000000,
|
|
"period": 500000,
|
|
"realtimeRuntime": 950000,
|
|
"realtimePeriod": 1000000,
|
|
"cpus": "2-3",
|
|
"mems": "0-7"
|
|
},
|
|
"pids": {
|
|
"limit": 32771
|
|
},
|
|
"hugepageLimits": [
|
|
{
|
|
"pageSize": "2MB",
|
|
"limit": 209715200
|
|
},
|
|
{
|
|
"pageSize": "2GB",
|
|
"limit": 10971201
|
|
}
|
|
],
|
|
"network": {
|
|
"classID": 1048577,
|
|
"priorities": [
|
|
{
|
|
"name": "eth0",
|
|
"priority": 500
|
|
},
|
|
{
|
|
"name": "eth1",
|
|
"priority": 1000
|
|
}
|
|
]
|
|
},
|
|
"blockIO": {
|
|
"weight": 10,
|
|
"leafWeight": 11,
|
|
"weightDevice": [
|
|
{
|
|
"major": 8,
|
|
"minor": 0,
|
|
"weight": 500,
|
|
"leafWeight": 300
|
|
},
|
|
{
|
|
"major": 8,
|
|
"minor": 16,
|
|
"weight": 500
|
|
}
|
|
],
|
|
"throttleReadBpsDevice": [
|
|
{
|
|
"major": 8,
|
|
"minor": 0,
|
|
"rate": 600
|
|
}
|
|
],
|
|
"throttleWriteBpsDevice": [
|
|
{
|
|
"major": 8,
|
|
"minor": 1,
|
|
"rate": 601
|
|
}
|
|
],
|
|
"throttleReadIOPSDevice": [
|
|
{
|
|
"major": 8,
|
|
"minor": 0,
|
|
"rate": 700
|
|
}
|
|
],
|
|
"throttleWriteIOPSDevice": [
|
|
{
|
|
"major": 8,
|
|
"minor": 1,
|
|
"rate": 701
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"cgroupsPath": "/docker/7facfe3313cdca596b13ab6aab063e577f8540f875943e074c08603ee8efb52c",
|
|
"namespaces": [
|
|
{
|
|
"type": "mount"
|
|
},
|
|
{
|
|
"type": "network"
|
|
},
|
|
{
|
|
"type": "uts"
|
|
},
|
|
{
|
|
"type": "pid"
|
|
},
|
|
{
|
|
"type": "ipc"
|
|
}
|
|
],
|
|
"intelRdt": {
|
|
"l3CacheSchema": "L3:0=ffff0;1=3ff"
|
|
},
|
|
"sysctl": {
|
|
"net.ipv4.ip_forward": "1",
|
|
"net.core.somaxconn": "256"
|
|
},
|
|
"seccomp": {
|
|
"defaultAction": "SCMP_ACT_ERRNO",
|
|
"architectures": [
|
|
"SCMP_ARCH_X86_64",
|
|
"SCMP_ARCH_X86",
|
|
"SCMP_ARCH_X32"
|
|
],
|
|
"syscalls": [
|
|
{
|
|
"name": "accept",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "accept4",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "access",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "alarm",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "alarm",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "bind",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "brk",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "capget",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "capset",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "chdir",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "chmod",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "chown",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "chown32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "clock_getres",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "clock_gettime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "clock_nanosleep",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "close",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "connect",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "copy_file_range",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "creat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "dup",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "dup2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "dup3",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_create",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_create1",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_ctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_ctl_old",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_pwait",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_wait",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "epoll_wait_old",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "eventfd",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "eventfd2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "execve",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "execveat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "exit",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "exit_group",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "faccessat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fadvise64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fadvise64_64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fallocate",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fanotify_mark",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchdir",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchmod",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchmodat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchown",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchown32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fchownat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fcntl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fcntl64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fdatasync",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fgetxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "flistxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "flock",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fork",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fremovexattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fsetxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fstat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fstat64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fstatat64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fstatfs",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fstatfs64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "fsync",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ftruncate",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ftruncate64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "futex",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "futimesat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getcpu",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getcwd",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getdents",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getdents64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getegid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getegid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "geteuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "geteuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getgid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getgroups",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getgroups32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getitimer",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getpeername",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getpgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getpgrp",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getpid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getppid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getpriority",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getrandom",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getresgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getresgid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getresuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getresuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getrlimit",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "get_robust_list",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getrusage",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getsid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getsockname",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getsockopt",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "get_thread_area",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "gettid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "gettimeofday",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "getxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "inotify_add_watch",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "inotify_init",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "inotify_init1",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "inotify_rm_watch",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "io_cancel",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ioctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "io_destroy",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "io_getevents",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ioprio_get",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ioprio_set",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "io_setup",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "io_submit",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ipc",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "kill",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lchown",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lchown32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lgetxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "link",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "linkat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "listen",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "listxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "llistxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "_llseek",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lremovexattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lseek",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lsetxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lstat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "lstat64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "madvise",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "memfd_create",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mincore",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mkdir",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mkdirat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mknod",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mknodat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mlock",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mlock2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mlockall",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mmap",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mmap2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mprotect",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_getsetattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_notify",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_open",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_timedreceive",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_timedsend",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mq_unlink",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "mremap",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "msgctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "msgget",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "msgrcv",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "msgsnd",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "msync",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "munlock",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "munlockall",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "munmap",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "nanosleep",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "newfstatat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "_newselect",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "open",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "openat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pause",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pipe",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pipe2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "poll",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ppoll",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "prctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pread64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "preadv",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "prlimit64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pselect6",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pwrite64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "pwritev",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "read",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "readahead",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "readlink",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "readlinkat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "readv",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "recv",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "recvfrom",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "recvmmsg",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "recvmsg",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "remap_file_pages",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "removexattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rename",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "renameat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "renameat2",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "restart_syscall",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rmdir",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigaction",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigpending",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigprocmask",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigqueueinfo",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigreturn",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigsuspend",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_sigtimedwait",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "rt_tgsigqueueinfo",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_getaffinity",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_getattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_getparam",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_get_priority_max",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_get_priority_min",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_getscheduler",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_rr_get_interval",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_setaffinity",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_setattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_setparam",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_setscheduler",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sched_yield",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "seccomp",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "select",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "semctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "semget",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "semop",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "semtimedop",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "send",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sendfile",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sendfile64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sendmmsg",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sendmsg",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sendto",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setfsgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setfsgid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setfsuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setfsuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setgid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setgroups",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setgroups32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setitimer",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setpgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setpriority",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setregid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setregid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setresgid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setresgid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setresuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setresuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setreuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setreuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setrlimit",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "set_robust_list",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setsid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setsockopt",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "set_thread_area",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "set_tid_address",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setuid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setuid32",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "setxattr",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "shmat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "shmctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "shmdt",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "shmget",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "shutdown",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sigaltstack",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "signalfd",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "signalfd4",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sigreturn",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "socket",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "socketcall",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "socketpair",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "splice",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "stat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "stat64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "statfs",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "statfs64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "symlink",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "symlinkat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sync",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sync_file_range",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "syncfs",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "sysinfo",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "syslog",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "tee",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "tgkill",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "time",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timer_create",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timer_delete",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timerfd_create",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timerfd_gettime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timerfd_settime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timer_getoverrun",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timer_gettime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "timer_settime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "times",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "tkill",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "truncate",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "truncate64",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "ugetrlimit",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "umask",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "uname",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "unlink",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "unlinkat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "utime",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "utimensat",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "utimes",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "vfork",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "vmsplice",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "wait4",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "waitid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "waitpid",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "write",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "writev",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "personality",
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{
|
|
"index": 0,
|
|
"value": 0,
|
|
"valueTwo": 0,
|
|
"op": "SCMP_CMP_EQ"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "personality",
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{
|
|
"index": 0,
|
|
"value": 8,
|
|
"valueTwo": 0,
|
|
"op": "SCMP_CMP_EQ"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "personality",
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{
|
|
"index": 0,
|
|
"value": 4294967295,
|
|
"valueTwo": 0,
|
|
"op": "SCMP_CMP_EQ"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "arch_prctl",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "modify_ldt",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
},
|
|
{
|
|
"name": "clone",
|
|
"action": "SCMP_ACT_ALLOW",
|
|
"args": [
|
|
{
|
|
"index": 0,
|
|
"value": 2080505856,
|
|
"valueTwo": 0,
|
|
"op": "SCMP_CMP_MASKED_EQ"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "chroot",
|
|
"action": "SCMP_ACT_ALLOW"
|
|
}
|
|
]
|
|
},
|
|
"maskedPaths": [
|
|
"/proc/kcore",
|
|
"/proc/latency_stats",
|
|
"/proc/timer_list",
|
|
"/proc/timer_stats",
|
|
"/proc/sched_debug",
|
|
"/sys/firmware"
|
|
],
|
|
"readonlyPaths": [
|
|
"/proc/asound",
|
|
"/proc/bus",
|
|
"/proc/fs",
|
|
"/proc/irq",
|
|
"/proc/sys",
|
|
"/proc/sysrq-trigger"
|
|
]
|
|
}
|
|
}
|