# Copyright 2019 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

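# Seccomp syscall allow-list in minijail policy syntax ("syscall: expression").
# The vhost ioctl list below suggests it is for a process that drives a
# vhost_net device.
#
# How to read an entry:
#   name: 1              the syscall is allowed with any arguments
#   name: <expression>   the syscall is allowed only when the expression on
#                        its arguments (arg0, arg1, ...) is true
#   name: return <errno> the syscall is not executed and fails with <errno>
# A syscall that is not listed gets the filter's default action, which is
# chosen by whatever loads this policy, not by this file.

brk: 1
# Thread creation only: the flags argument must include CLONE_THREAD, so a
# clone() that would start a new process is not allowed.
clone: arg0 & CLONE_THREAD
close: 1
dup3: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getpid: 1
gettimeofday: 1
# NOTE(review): kill is allowed with any pid and any signal. What it can reach
# is then bounded only by the process's credentials and PID namespace, not by
# this filter; confirm the sandbox provides that isolation.
kill: 1
# Only these three advice values are accepted.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
# "arg2 in ~PROT_EXEC": the prot argument may contain any bits except
# PROT_EXEC. The process can therefore neither create an executable mapping
# nor make existing memory executable once the filter is in place.
mmap: arg2 in ~PROT_EXEC
mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
pipe2: 1
ppoll: 1
# prctl is limited to naming the thread; every other prctl option is rejected.
prctl: arg0 == PR_SET_NAME
read: 1
readv: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
sendto: 1
set_robust_list: 1
sigaltstack: 1
write: 1
writev: 1

# Allow only the vhost_net ioctls. The rule tests the request number (arg1)
# against the hex values below, which follow the names in the same order:
#   VHOST_GET_FEATURES     0x8008af00
#   VHOST_SET_FEATURES     0x4008af00
#   VHOST_SET_OWNER        0x0000af01
#   VHOST_RESET_OWNER      0x0000af02
#   VHOST_SET_MEM_TABLE    0x4008af03
#   VHOST_SET_LOG_BASE     0x4008af04
#   VHOST_SET_LOG_FD       0x4004af07
#   VHOST_SET_VRING_NUM    0x4008af10
#   VHOST_SET_VRING_ADDR   0x4028af11
#   VHOST_SET_VRING_BASE   0x4008af12
#   VHOST_GET_VRING_BASE   0xc008af12
#   VHOST_SET_VRING_KICK   0x4008af20
#   VHOST_SET_VRING_CALL   0x4008af21
#   VHOST_SET_VRING_ERR    0x4008af22
#   VHOST_NET_SET_BACKEND  0x4008af30
# The rule constrains the request number only. The file descriptor (arg0) is
# not checked, so the same numbers are accepted on any descriptor the process
# holds; keep the set of descriptors it inherits small.
# NOTE(review): the values assume the generic _IOC encoding of direction and
# size bits - confirm before reusing this policy on an architecture that
# encodes ioctl numbers differently.
ioctl: arg1 == 0x8008af00 || arg1 == 0x4008af00 || arg1 == 0x0000af01 || arg1 == 0x0000af02 || arg1 == 0x4008af03 || arg1 == 0x4008af04 || arg1 == 0x4004af07 || arg1 == 0x4008af10 || arg1 == 0x4028af11 || arg1 == 0x4008af12 || arg1 == 0xc008af12 || arg1 == 0x4008af20 || arg1 == 0x4008af21 || arg1 == 0x4008af22 || arg1 == 0x4008af30
# openat is never executed: every call fails with ENOENT, so no file can be
# opened after the filter is installed. Presumably this lets library code that
# probes for optional files fail softly instead of hitting the default action
# - TODO confirm.
openat: return ENOENT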