# Minijail Seccomp Policy for isolated_app processes on all architectures
# except I386.
# This policy is appended to the architecture-specific policy.
#
# Rule syntax used below:
#   <syscall>: 1              allow the call unconditionally
#   <syscall>: return EPERM   do not run the call; it fails with EPERM
#   <syscall>: <arg filter>   allow only when the argument comparison holds
#
# Net effect of this file: SysV IPC (msg*, sem*, shm*) and the server-side
# socket calls (bind, listen, accept, accept4) are refused, new sockets can
# only be created in AF_UNIX, and I/O on sockets the process already holds is
# permitted.
#
# NOTE(review): connect, sendto, sendmsg, recvfrom, recvmsg, getsockopt and
# shutdown carry no argument filter, so they apply to any socket descriptor
# the process holds, not only to those it created under the socket rule
# below. Descriptors inherited at spawn or received over an AF_UNIX socket
# are therefore not limited by domain here; confirm what the spawner hands
# to isolated_app processes.

accept4: return EPERM
accept: return EPERM
bind: return EPERM
connect: 1
getsockopt: 1
listen: return EPERM
msgctl: return EPERM
msgget: return EPERM
msgrcv: return EPERM
msgsnd: return EPERM
recvfrom: 1
recvmsg: 1
semctl: return EPERM
semget: return EPERM
semop: return EPERM
semtimedop: return EPERM
sendmsg: 1
sendto: 1

# setsockopt: level==SOL_SOCKET && optname==SO_PEEK_OFF
# Only this single option may be set. arg1 is the level and arg2 the option
# name; 1 and 42 are the numeric values the comment above maps to SOL_SOCKET
# and SO_PEEK_OFF. These are ABI constants, so verify them for every
# architecture whose policy this file is appended to.
# NOTE(review): a setsockopt call that does not match is handled by the
# filter's default action, which is not set in this file.
setsockopt: arg1 == 1 && arg2 == 42

shmat: return EPERM
shmctl: return EPERM
shmdt: return EPERM
shmget: return EPERM
shutdown: 1

# socket: domain==AF_UNIX && protocol == 0
# arg0 is the domain (1 == AF_UNIX) and arg2 the protocol. arg1, the socket
# type, is not constrained, so every AF_UNIX socket type and type flag is
# accepted.
socket: arg0 == 1 && arg2 == 0

# socketpair: domain==AF_UNIX
# Only the domain is checked; type (arg1) and protocol (arg2) are not.
socketpair: arg0 == 1