Created
December 12, 2023 13:32
-
-
Save Zheaoli/12cecde07512f7cae9ba6f82ca10ad90 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "ociVersion":"1.1.0-rc.1", | |
| "process":{ | |
| "user":{ | |
| "uid":0, | |
| "gid":0, | |
| "additionalGids":[ | |
| 0, | |
| 1, | |
| 2, | |
| 3, | |
| 4, | |
| 6, | |
| 10, | |
| 11, | |
| 20, | |
| 26, | |
| 27 | |
| ] | |
| }, | |
| "args":[ | |
| "/docker-entrypoint.sh", | |
| "nginx", | |
| "-g", | |
| "daemon off;" | |
| ], | |
| "env":[ | |
| "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
| "NGINX_VERSION=1.25.3", | |
| "PKG_RELEASE=1", | |
| "NJS_VERSION=0.8.2" | |
| ], | |
| "cwd":"/", | |
| "capabilities":{ | |
| "bounding":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ], | |
| "effective":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ], | |
| "permitted":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ] | |
| }, | |
| "rlimits":[ | |
| { | |
| "type":"RLIMIT_NOFILE", | |
| "hard":1024, | |
| "soft":1024 | |
| } | |
| ], | |
| "noNewPrivileges":true | |
| }, | |
| "root":{ | |
| "path":"rootfs" | |
| }, | |
| "mounts":[ | |
| { | |
| "destination":"/proc", | |
| "type":"proc", | |
| "source":"proc", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev", | |
| "type":"tmpfs", | |
| "source":"tmpfs", | |
| "options":[ | |
| "nosuid", | |
| "strictatime", | |
| "mode=755", | |
| "size=65536k" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/pts", | |
| "type":"devpts", | |
| "source":"devpts", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "newinstance", | |
| "ptmxmode=0666", | |
| "mode=0620", | |
| "gid=5" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/shm", | |
| "type":"tmpfs", | |
| "source":"shm", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "mode=1777", | |
| "size=65536k" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/mqueue", | |
| "type":"mqueue", | |
| "source":"mqueue", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination":"/sys", | |
| "type":"sysfs", | |
| "source":"sysfs", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "ro" | |
| ] | |
| }, | |
| { | |
| "destination":"/run", | |
| "type":"tmpfs", | |
| "source":"tmpfs", | |
| "options":[ | |
| "nosuid", | |
| "strictatime", | |
| "mode=755", | |
| "size=65536k" | |
| ] | |
| } | |
| ], | |
| "linux":{ | |
| "resources":{ | |
| "devices":[ | |
| { | |
| "allow":false, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":3, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":8, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":7, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":0, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":5, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":9, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":1, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":136, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":2, | |
| "access":"rwm" | |
| } | |
| ] | |
| }, | |
| "cgroupsPath":"/default/nginx", | |
| "namespaces":[ | |
| { | |
| "type":"pid" | |
| }, | |
| { | |
| "type":"ipc" | |
| }, | |
| { | |
| "type":"uts" | |
| }, | |
| { | |
| "type":"mount" | |
| }, | |
| { | |
| "type":"network" | |
| } | |
| ], | |
| "maskedPaths":[ | |
| "/proc/acpi", | |
| "/proc/asound", | |
| "/proc/kcore", | |
| "/proc/keys", | |
| "/proc/latency_stats", | |
| "/proc/timer_list", | |
| "/proc/timer_stats", | |
| "/proc/sched_debug", | |
| "/sys/firmware", | |
| "/sys/devices/virtual/powercap", | |
| "/proc/scsi" | |
| ], | |
| "readonlyPaths":[ | |
| "/proc/bus", | |
| "/proc/fs", | |
| "/proc/irq", | |
| "/proc/sys", | |
| "/proc/sysrq-trigger" | |
| ] | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "ociVersion":"1.1.0-rc.2", | |
| "process":{ | |
| "user":{ | |
| "uid":0, | |
| "gid":0, | |
| "additionalGids":[ | |
| 0, | |
| 0, | |
| 1, | |
| 2, | |
| 3, | |
| 4, | |
| 6, | |
| 10, | |
| 11, | |
| 20, | |
| 26, | |
| 27 | |
| ] | |
| }, | |
| "args":[ | |
| "/docker-entrypoint.sh", | |
| "nginx", | |
| "-g", | |
| "daemon off;" | |
| ], | |
| "env":[ | |
| "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
| "HOSTNAME=cd121ce6649d", | |
| "NGINX_VERSION=1.25.3", | |
| "PKG_RELEASE=1", | |
| "NJS_VERSION=0.8.2" | |
| ], | |
| "cwd":"/", | |
| "capabilities":{ | |
| "bounding":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ], | |
| "effective":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ], | |
| "permitted":[ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_FSETID", | |
| "CAP_FOWNER", | |
| "CAP_MKNOD", | |
| "CAP_NET_RAW", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETFCAP", | |
| "CAP_SETPCAP", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_SYS_CHROOT", | |
| "CAP_KILL", | |
| "CAP_AUDIT_WRITE" | |
| ] | |
| }, | |
| "oomScoreAdj":0 | |
| }, | |
| "root":{ | |
| "path":"/var/lib/docker/overlay2/f24ffd606f5d804e1c8ef721db7fd98377801b9d7e83afe6f6a817ad08eefcef/merged" | |
| }, | |
| "hostname":"cd121ce6649d", | |
| "mounts":[ | |
| { | |
| "destination":"/proc", | |
| "type":"proc", | |
| "source":"proc", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev", | |
| "type":"tmpfs", | |
| "source":"tmpfs", | |
| "options":[ | |
| "nosuid", | |
| "strictatime", | |
| "mode=755", | |
| "size=65536k" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/pts", | |
| "type":"devpts", | |
| "source":"devpts", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "newinstance", | |
| "ptmxmode=0666", | |
| "mode=0620", | |
| "gid=5" | |
| ] | |
| }, | |
| { | |
| "destination":"/sys", | |
| "type":"sysfs", | |
| "source":"sysfs", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "ro" | |
| ] | |
| }, | |
| { | |
| "destination":"/sys/fs/cgroup", | |
| "type":"cgroup", | |
| "source":"cgroup", | |
| "options":[ | |
| "ro", | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/mqueue", | |
| "type":"mqueue", | |
| "source":"mqueue", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination":"/dev/shm", | |
| "type":"tmpfs", | |
| "source":"shm", | |
| "options":[ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "mode=1777", | |
| "size=67108864" | |
| ] | |
| }, | |
| { | |
| "destination":"/etc/resolv.conf", | |
| "type":"bind", | |
| "source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/resolv.conf", | |
| "options":[ | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination":"/etc/hostname", | |
| "type":"bind", | |
| "source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/hostname", | |
| "options":[ | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination":"/etc/hosts", | |
| "type":"bind", | |
| "source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/hosts", | |
| "options":[ | |
| "rbind", | |
| "rprivate" | |
| ] | |
| } | |
| ], | |
| "hooks":{ | |
| "prestart":[ | |
| { | |
| "path":"/proc/2091/exe", | |
| "args":[ | |
| "libnetwork-setkey", | |
| "-exec-root=/var/run/docker", | |
| "cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c", | |
| "74786362a0ae" | |
| ] | |
| } | |
| ] | |
| }, | |
| "linux":{ | |
| "sysctl":{ | |
| "net.ipv4.ip_unprivileged_port_start":"0", | |
| "net.ipv4.ping_group_range":"0 2147483647" | |
| }, | |
| "resources":{ | |
| "devices":[ | |
| { | |
| "allow":false, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":5, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":3, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":9, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":8, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":0, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":1, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":false, | |
| "type":"c", | |
| "major":10, | |
| "minor":229, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":false, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":5, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":3, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":9, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":1, | |
| "minor":8, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":0, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":true, | |
| "type":"c", | |
| "major":5, | |
| "minor":1, | |
| "access":"rwm" | |
| }, | |
| { | |
| "allow":false, | |
| "type":"c", | |
| "major":10, | |
| "minor":229, | |
| "access":"rwm" | |
| } | |
| ], | |
| "blockIO":{ | |
| } | |
| }, | |
| "cgroupsPath":"system.slice:docker:cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c", | |
| "namespaces":[ | |
| { | |
| "type":"mount" | |
| }, | |
| { | |
| "type":"network" | |
| }, | |
| { | |
| "type":"uts" | |
| }, | |
| { | |
| "type":"pid" | |
| }, | |
| { | |
| "type":"ipc" | |
| }, | |
| { | |
| "type":"cgroup" | |
| } | |
| ], | |
| "seccomp":{ | |
| "defaultAction":"SCMP_ACT_ERRNO", | |
| "defaultErrnoRet":1, | |
| "architectures":[ | |
| "SCMP_ARCH_X86_64", | |
| "SCMP_ARCH_X86", | |
| "SCMP_ARCH_X32" | |
| ], | |
| "syscalls":[ | |
| { | |
| "names":[ | |
| "accept", | |
| "accept4", | |
| "access", | |
| "adjtimex", | |
| "alarm", | |
| "bind", | |
| "brk", | |
| "capget", | |
| "capset", | |
| "chdir", | |
| "chmod", | |
| "chown", | |
| "chown32", | |
| "clock_adjtime", | |
| "clock_adjtime64", | |
| "clock_getres", | |
| "clock_getres_time64", | |
| "clock_gettime", | |
| "clock_gettime64", | |
| "clock_nanosleep", | |
| "clock_nanosleep_time64", | |
| "close", | |
| "close_range", | |
| "connect", | |
| "copy_file_range", | |
| "creat", | |
| "dup", | |
| "dup2", | |
| "dup3", | |
| "epoll_create", | |
| "epoll_create1", | |
| "epoll_ctl", | |
| "epoll_ctl_old", | |
| "epoll_pwait", | |
| "epoll_pwait2", | |
| "epoll_wait", | |
| "epoll_wait_old", | |
| "eventfd", | |
| "eventfd2", | |
| "execve", | |
| "execveat", | |
| "exit", | |
| "exit_group", | |
| "faccessat", | |
| "faccessat2", | |
| "fadvise64", | |
| "fadvise64_64", | |
| "fallocate", | |
| "fanotify_mark", | |
| "fchdir", | |
| "fchmod", | |
| "fchmodat", | |
| "fchown", | |
| "fchown32", | |
| "fchownat", | |
| "fcntl", | |
| "fcntl64", | |
| "fdatasync", | |
| "fgetxattr", | |
| "flistxattr", | |
| "flock", | |
| "fork", | |
| "fremovexattr", | |
| "fsetxattr", | |
| "fstat", | |
| "fstat64", | |
| "fstatat64", | |
| "fstatfs", | |
| "fstatfs64", | |
| "fsync", | |
| "ftruncate", | |
| "ftruncate64", | |
| "futex", | |
| "futex_time64", | |
| "futex_waitv", | |
| "futimesat", | |
| "getcpu", | |
| "getcwd", | |
| "getdents", | |
| "getdents64", | |
| "getegid", | |
| "getegid32", | |
| "geteuid", | |
| "geteuid32", | |
| "getgid", | |
| "getgid32", | |
| "getgroups", | |
| "getgroups32", | |
| "getitimer", | |
| "getpeername", | |
| "getpgid", | |
| "getpgrp", | |
| "getpid", | |
| "getppid", | |
| "getpriority", | |
| "getrandom", | |
| "getresgid", | |
| "getresgid32", | |
| "getresuid", | |
| "getresuid32", | |
| "getrlimit", | |
| "get_robust_list", | |
| "getrusage", | |
| "getsid", | |
| "getsockname", | |
| "getsockopt", | |
| "get_thread_area", | |
| "gettid", | |
| "gettimeofday", | |
| "getuid", | |
| "getuid32", | |
| "getxattr", | |
| "inotify_add_watch", | |
| "inotify_init", | |
| "inotify_init1", | |
| "inotify_rm_watch", | |
| "io_cancel", | |
| "ioctl", | |
| "io_destroy", | |
| "io_getevents", | |
| "io_pgetevents", | |
| "io_pgetevents_time64", | |
| "ioprio_get", | |
| "ioprio_set", | |
| "io_setup", | |
| "io_submit", | |
| "io_uring_enter", | |
| "io_uring_register", | |
| "io_uring_setup", | |
| "ipc", | |
| "kill", | |
| "landlock_add_rule", | |
| "landlock_create_ruleset", | |
| "landlock_restrict_self", | |
| "lchown", | |
| "lchown32", | |
| "lgetxattr", | |
| "link", | |
| "linkat", | |
| "listen", | |
| "listxattr", | |
| "llistxattr", | |
| "_llseek", | |
| "lremovexattr", | |
| "lseek", | |
| "lsetxattr", | |
| "lstat", | |
| "lstat64", | |
| "madvise", | |
| "membarrier", | |
| "memfd_create", | |
| "memfd_secret", | |
| "mincore", | |
| "mkdir", | |
| "mkdirat", | |
| "mknod", | |
| "mknodat", | |
| "mlock", | |
| "mlock2", | |
| "mlockall", | |
| "mmap", | |
| "mmap2", | |
| "mprotect", | |
| "mq_getsetattr", | |
| "mq_notify", | |
| "mq_open", | |
| "mq_timedreceive", | |
| "mq_timedreceive_time64", | |
| "mq_timedsend", | |
| "mq_timedsend_time64", | |
| "mq_unlink", | |
| "mremap", | |
| "msgctl", | |
| "msgget", | |
| "msgrcv", | |
| "msgsnd", | |
| "msync", | |
| "munlock", | |
| "munlockall", | |
| "munmap", | |
| "name_to_handle_at", | |
| "nanosleep", | |
| "newfstatat", | |
| "_newselect", | |
| "open", | |
| "openat", | |
| "openat2", | |
| "pause", | |
| "pidfd_open", | |
| "pidfd_send_signal", | |
| "pipe", | |
| "pipe2", | |
| "pkey_alloc", | |
| "pkey_free", | |
| "pkey_mprotect", | |
| "poll", | |
| "ppoll", | |
| "ppoll_time64", | |
| "prctl", | |
| "pread64", | |
| "preadv", | |
| "preadv2", | |
| "prlimit64", | |
| "process_mrelease", | |
| "pselect6", | |
| "pselect6_time64", | |
| "pwrite64", | |
| "pwritev", | |
| "pwritev2", | |
| "read", | |
| "readahead", | |
| "readlink", | |
| "readlinkat", | |
| "readv", | |
| "recv", | |
| "recvfrom", | |
| "recvmmsg", | |
| "recvmmsg_time64", | |
| "recvmsg", | |
| "remap_file_pages", | |
| "removexattr", | |
| "rename", | |
| "renameat", | |
| "renameat2", | |
| "restart_syscall", | |
| "rmdir", | |
| "rseq", | |
| "rt_sigaction", | |
| "rt_sigpending", | |
| "rt_sigprocmask", | |
| "rt_sigqueueinfo", | |
| "rt_sigreturn", | |
| "rt_sigsuspend", | |
| "rt_sigtimedwait", | |
| "rt_sigtimedwait_time64", | |
| "rt_tgsigqueueinfo", | |
| "sched_getaffinity", | |
| "sched_getattr", | |
| "sched_getparam", | |
| "sched_get_priority_max", | |
| "sched_get_priority_min", | |
| "sched_getscheduler", | |
| "sched_rr_get_interval", | |
| "sched_rr_get_interval_time64", | |
| "sched_setaffinity", | |
| "sched_setattr", | |
| "sched_setparam", | |
| "sched_setscheduler", | |
| "sched_yield", | |
| "seccomp", | |
| "select", | |
| "semctl", | |
| "semget", | |
| "semop", | |
| "semtimedop", | |
| "semtimedop_time64", | |
| "send", | |
| "sendfile", | |
| "sendfile64", | |
| "sendmmsg", | |
| "sendmsg", | |
| "sendto", | |
| "setfsgid", | |
| "setfsgid32", | |
| "setfsuid", | |
| "setfsuid32", | |
| "setgid", | |
| "setgid32", | |
| "setgroups", | |
| "setgroups32", | |
| "setitimer", | |
| "setpgid", | |
| "setpriority", | |
| "setregid", | |
| "setregid32", | |
| "setresgid", | |
| "setresgid32", | |
| "setresuid", | |
| "setresuid32", | |
| "setreuid", | |
| "setreuid32", | |
| "setrlimit", | |
| "set_robust_list", | |
| "setsid", | |
| "setsockopt", | |
| "set_thread_area", | |
| "set_tid_address", | |
| "setuid", | |
| "setuid32", | |
| "setxattr", | |
| "shmat", | |
| "shmctl", | |
| "shmdt", | |
| "shmget", | |
| "shutdown", | |
| "sigaltstack", | |
| "signalfd", | |
| "signalfd4", | |
| "sigprocmask", | |
| "sigreturn", | |
| "socketcall", | |
| "socketpair", | |
| "splice", | |
| "stat", | |
| "stat64", | |
| "statfs", | |
| "statfs64", | |
| "statx", | |
| "symlink", | |
| "symlinkat", | |
| "sync", | |
| "sync_file_range", | |
| "syncfs", | |
| "sysinfo", | |
| "tee", | |
| "tgkill", | |
| "time", | |
| "timer_create", | |
| "timer_delete", | |
| "timer_getoverrun", | |
| "timer_gettime", | |
| "timer_gettime64", | |
| "timer_settime", | |
| "timer_settime64", | |
| "timerfd_create", | |
| "timerfd_gettime", | |
| "timerfd_gettime64", | |
| "timerfd_settime", | |
| "timerfd_settime64", | |
| "times", | |
| "tkill", | |
| "truncate", | |
| "truncate64", | |
| "ugetrlimit", | |
| "umask", | |
| "uname", | |
| "unlink", | |
| "unlinkat", | |
| "utime", | |
| "utimensat", | |
| "utimensat_time64", | |
| "utimes", | |
| "vfork", | |
| "vmsplice", | |
| "wait4", | |
| "waitid", | |
| "waitpid", | |
| "write", | |
| "writev" | |
| ], | |
| "action":"SCMP_ACT_ALLOW" | |
| }, | |
| { | |
| "names":[ | |
| "process_vm_readv", | |
| "process_vm_writev", | |
| "ptrace" | |
| ], | |
| "action":"SCMP_ACT_ALLOW" | |
| }, | |
| { | |
| "names":[ | |
| "socket" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":40, | |
| "op":"SCMP_CMP_NE" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "personality" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":0, | |
| "op":"SCMP_CMP_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "personality" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":8, | |
| "op":"SCMP_CMP_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "personality" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":131072, | |
| "op":"SCMP_CMP_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "personality" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":131080, | |
| "op":"SCMP_CMP_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "personality" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":4294967295, | |
| "op":"SCMP_CMP_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "arch_prctl" | |
| ], | |
| "action":"SCMP_ACT_ALLOW" | |
| }, | |
| { | |
| "names":[ | |
| "modify_ldt" | |
| ], | |
| "action":"SCMP_ACT_ALLOW" | |
| }, | |
| { | |
| "names":[ | |
| "clone" | |
| ], | |
| "action":"SCMP_ACT_ALLOW", | |
| "args":[ | |
| { | |
| "index":0, | |
| "value":2114060288, | |
| "op":"SCMP_CMP_MASKED_EQ" | |
| } | |
| ] | |
| }, | |
| { | |
| "names":[ | |
| "clone3" | |
| ], | |
| "action":"SCMP_ACT_ERRNO", | |
| "errnoRet":38 | |
| }, | |
| { | |
| "names":[ | |
| "chroot" | |
| ], | |
| "action":"SCMP_ACT_ALLOW" | |
| } | |
| ] | |
| }, | |
| "maskedPaths":[ | |
| "/proc/asound", | |
| "/proc/acpi", | |
| "/proc/kcore", | |
| "/proc/keys", | |
| "/proc/latency_stats", | |
| "/proc/timer_list", | |
| "/proc/timer_stats", | |
| "/proc/sched_debug", | |
| "/proc/scsi", | |
| "/sys/firmware", | |
| "/sys/devices/virtual/powercap" | |
| ], | |
| "readonlyPaths":[ | |
| "/proc/bus", | |
| "/proc/fs", | |
| "/proc/irq", | |
| "/proc/sys", | |
| "/proc/sysrq-trigger" | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment