Created
April 12, 2022 10:12
-
-
Save patryk4815/84001b747f87ab2b53659ed71f0034b6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"ociVersion": "1.0.2-dev", | |
"process": { | |
"terminal": true, | |
"user": { | |
"uid": 0, | |
"gid": 0 | |
}, | |
"args": [ | |
"bash" | |
], | |
"env": [ | |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
"TERM=xterm" | |
], | |
"cwd": "/", | |
"capabilities": { | |
"bounding": [ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"effective": [ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"permitted": [ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
] | |
}, | |
"rlimits": [ | |
{ | |
"type": "RLIMIT_NOFILE", | |
"hard": 1024, | |
"soft": 1024 | |
} | |
], | |
"apparmorProfile": "nerdctl-default" | |
}, | |
"root": { | |
"path": "rootfs" | |
}, | |
"hostname": "a702709e74b1", | |
"mounts": [ | |
{ | |
"destination": "/proc", | |
"type": "proc", | |
"source": "proc", | |
"options": [ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination": "/dev", | |
"type": "tmpfs", | |
"source": "tmpfs", | |
"options": [ | |
"nosuid", | |
"strictatime", | |
"mode=755", | |
"size=65536k" | |
] | |
}, | |
{ | |
"destination": "/dev/pts", | |
"type": "devpts", | |
"source": "devpts", | |
"options": [ | |
"nosuid", | |
"noexec", | |
"newinstance", | |
"ptmxmode=0666", | |
"mode=0620", | |
"gid=5" | |
] | |
}, | |
{ | |
"destination": "/dev/shm", | |
"type": "tmpfs", | |
"source": "shm", | |
"options": [ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"mode=1777", | |
"size=65536k" | |
] | |
}, | |
{ | |
"destination": "/dev/mqueue", | |
"type": "mqueue", | |
"source": "mqueue", | |
"options": [ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination": "/sys", | |
"type": "sysfs", | |
"source": "sysfs", | |
"options": [ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"ro" | |
] | |
}, | |
{ | |
"destination": "/sys/fs/cgroup", | |
"type": "cgroup", | |
"source": "cgroup", | |
"options": [ | |
"ro", | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination": "/etc/resolv.conf", | |
"type": "bind", | |
"source": "/var/lib/nerdctl/1935db59/containers/default/a702709e74b1cff6aff38bfe99451414e4289f75650f43efcb8daa3c682d3757/resolv.conf", | |
"options": [ | |
"bind", | |
"rprivate" | |
] | |
}, | |
{ | |
"destination": "/etc/hosts", | |
"type": "bind", | |
"source": "/var/lib/nerdctl/1935db59/etchosts/default/a702709e74b1cff6aff38bfe99451414e4289f75650f43efcb8daa3c682d3757/hosts", | |
"options": [ | |
"bind", | |
"rprivate" | |
] | |
}, | |
{ | |
"destination": "/etc/hostname", | |
"type": "bind", | |
"source": "/var/lib/nerdctl/1935db59/containers/default/a702709e74b1cff6aff38bfe99451414e4289f75650f43efcb8daa3c682d3757/hostname", | |
"options": [ | |
"bind", | |
"rprivate" | |
] | |
} | |
], | |
"hooks": { | |
"createRuntime": [ | |
{ | |
"path": "/usr/local/bin/nerdctl", | |
"args": [ | |
"/usr/local/bin/nerdctl", | |
"internal", | |
"oci-hook", | |
"createRuntime" | |
], | |
"env": [ | |
"SHELL=/bin/bash", | |
"PWD=/root", | |
"LOGNAME=root", | |
"HOME=/root", | |
"LANG=C.UTF-8", | |
"LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:", | |
"LESSCLOSE=/usr/bin/lesspipe %s %s", | |
"TERM=xterm-256color", | |
"LESSOPEN=| /usr/bin/lesspipe %s", | |
"USER=root", | |
"SHLVL=1", | |
"DEBUGINFOD_URLS=", | |
"XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop", | |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin", | |
"MAIL=/var/mail/root", | |
"_=/usr/local/bin/nerdctl" | |
] | |
} | |
], | |
"poststop": [ | |
{ | |
"path": "/usr/local/bin/nerdctl", | |
"args": [ | |
"/usr/local/bin/nerdctl", | |
"internal", | |
"oci-hook", | |
"postStop" | |
], | |
"env": [ | |
"SHELL=/bin/bash", | |
"PWD=/root", | |
"LOGNAME=root", | |
"HOME=/root", | |
"LANG=C.UTF-8", | |
"LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:", | |
"LESSCLOSE=/usr/bin/lesspipe %s %s", | |
"TERM=xterm-256color", | |
"LESSOPEN=| /usr/bin/lesspipe %s", | |
"USER=root", | |
"SHLVL=1", | |
"DEBUGINFOD_URLS=", | |
"XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop", | |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin", | |
"MAIL=/var/mail/root", | |
"_=/usr/local/bin/nerdctl" | |
] | |
} | |
] | |
}, | |
"annotations": { | |
"io.containerd.image.config.stop-signal": "SIGTERM", | |
"nerdctl/extraHosts": "null", | |
"nerdctl/hostname": "a702709e74b1", | |
"nerdctl/name": "gdb-a7027", | |
"nerdctl/namespace": "default", | |
"nerdctl/networks": "[\"bridge\"]", | |
"nerdctl/platform": "linux/amd64", | |
"nerdctl/state-dir": "/var/lib/nerdctl/1935db59/containers/default/a702709e74b1cff6aff38bfe99451414e4289f75650f43efcb8daa3c682d3757" | |
}, | |
"linux": { | |
"resources": { | |
"devices": [ | |
{ | |
"allow": false, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 1, | |
"minor": 3, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 1, | |
"minor": 8, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 1, | |
"minor": 7, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 5, | |
"minor": 0, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 1, | |
"minor": 5, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 1, | |
"minor": 9, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 5, | |
"minor": 1, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 136, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 5, | |
"minor": 2, | |
"access": "rwm" | |
}, | |
{ | |
"allow": true, | |
"type": "c", | |
"major": 10, | |
"minor": 200, | |
"access": "rwm" | |
} | |
] | |
}, | |
"cgroupsPath": "system.slice:nerdctl:a702709e74b1cff6aff38bfe99451414e4289f75650f43efcb8daa3c682d3757", | |
"namespaces": [ | |
{ | |
"type": "pid" | |
}, | |
{ | |
"type": "ipc" | |
}, | |
{ | |
"type": "uts" | |
}, | |
{ | |
"type": "mount" | |
}, | |
{ | |
"type": "network" | |
}, | |
{ | |
"type": "cgroup" | |
} | |
], | |
"seccomp": { | |
"defaultAction": "SCMP_ACT_ERRNO", | |
"architectures": [ | |
"SCMP_ARCH_X86_64", | |
"SCMP_ARCH_X86", | |
"SCMP_ARCH_X32" | |
], | |
"syscalls": [ | |
{ | |
"names": [ | |
"accept", | |
"accept4", | |
"access", | |
"adjtimex", | |
"alarm", | |
"bind", | |
"brk", | |
"capget", | |
"capset", | |
"chdir", | |
"chmod", | |
"chown", | |
"chown32", | |
"clock_adjtime", | |
"clock_adjtime64", | |
"clock_getres", | |
"clock_getres_time64", | |
"clock_gettime", | |
"clock_gettime64", | |
"clock_nanosleep", | |
"clock_nanosleep_time64", | |
"close", | |
"close_range", | |
"connect", | |
"copy_file_range", | |
"creat", | |
"dup", | |
"dup2", | |
"dup3", | |
"epoll_create", | |
"epoll_create1", | |
"epoll_ctl", | |
"epoll_ctl_old", | |
"epoll_pwait", | |
"epoll_pwait2", | |
"epoll_wait", | |
"epoll_wait_old", | |
"eventfd", | |
"eventfd2", | |
"execve", | |
"execveat", | |
"exit", | |
"exit_group", | |
"faccessat", | |
"faccessat2", | |
"fadvise64", | |
"fadvise64_64", | |
"fallocate", | |
"fanotify_mark", | |
"fchdir", | |
"fchmod", | |
"fchmodat", | |
"fchown", | |
"fchown32", | |
"fchownat", | |
"fcntl", | |
"fcntl64", | |
"fdatasync", | |
"fgetxattr", | |
"flistxattr", | |
"flock", | |
"fork", | |
"fremovexattr", | |
"fsetxattr", | |
"fstat", | |
"fstat64", | |
"fstatat64", | |
"fstatfs", | |
"fstatfs64", | |
"fsync", | |
"ftruncate", | |
"ftruncate64", | |
"futex", | |
"futex_time64", | |
"futex_waitv", | |
"futimesat", | |
"getcpu", | |
"getcwd", | |
"getdents", | |
"getdents64", | |
"getegid", | |
"getegid32", | |
"geteuid", | |
"geteuid32", | |
"getgid", | |
"getgid32", | |
"getgroups", | |
"getgroups32", | |
"getitimer", | |
"getpeername", | |
"getpgid", | |
"getpgrp", | |
"getpid", | |
"getppid", | |
"getpriority", | |
"getrandom", | |
"getresgid", | |
"getresgid32", | |
"getresuid", | |
"getresuid32", | |
"getrlimit", | |
"get_robust_list", | |
"getrusage", | |
"getsid", | |
"getsockname", | |
"getsockopt", | |
"get_thread_area", | |
"gettid", | |
"gettimeofday", | |
"getuid", | |
"getuid32", | |
"getxattr", | |
"inotify_add_watch", | |
"inotify_init", | |
"inotify_init1", | |
"inotify_rm_watch", | |
"io_cancel", | |
"ioctl", | |
"io_destroy", | |
"io_getevents", | |
"io_pgetevents", | |
"io_pgetevents_time64", | |
"ioprio_get", | |
"ioprio_set", | |
"io_setup", | |
"io_submit", | |
"io_uring_enter", | |
"io_uring_register", | |
"io_uring_setup", | |
"ipc", | |
"kill", | |
"landlock_add_rule", | |
"landlock_create_ruleset", | |
"landlock_restrict_self", | |
"lchown", | |
"lchown32", | |
"lgetxattr", | |
"link", | |
"linkat", | |
"listen", | |
"listxattr", | |
"llistxattr", | |
"_llseek", | |
"lremovexattr", | |
"lseek", | |
"lsetxattr", | |
"lstat", | |
"lstat64", | |
"madvise", | |
"membarrier", | |
"memfd_create", | |
"memfd_secret", | |
"mincore", | |
"mkdir", | |
"mkdirat", | |
"mknod", | |
"mknodat", | |
"mlock", | |
"mlock2", | |
"mlockall", | |
"mmap", | |
"mmap2", | |
"mprotect", | |
"mq_getsetattr", | |
"mq_notify", | |
"mq_open", | |
"mq_timedreceive", | |
"mq_timedreceive_time64", | |
"mq_timedsend", | |
"mq_timedsend_time64", | |
"mq_unlink", | |
"mremap", | |
"msgctl", | |
"msgget", | |
"msgrcv", | |
"msgsnd", | |
"msync", | |
"munlock", | |
"munlockall", | |
"munmap", | |
"nanosleep", | |
"newfstatat", | |
"_newselect", | |
"open", | |
"openat", | |
"openat2", | |
"pause", | |
"pidfd_open", | |
"pidfd_send_signal", | |
"pipe", | |
"pipe2", | |
"poll", | |
"ppoll", | |
"ppoll_time64", | |
"prctl", | |
"pread64", | |
"preadv", | |
"preadv2", | |
"prlimit64", | |
"process_mrelease", | |
"pselect6", | |
"pselect6_time64", | |
"pwrite64", | |
"pwritev", | |
"pwritev2", | |
"read", | |
"readahead", | |
"readlink", | |
"readlinkat", | |
"readv", | |
"recv", | |
"recvfrom", | |
"recvmmsg", | |
"recvmmsg_time64", | |
"recvmsg", | |
"remap_file_pages", | |
"removexattr", | |
"rename", | |
"renameat", | |
"renameat2", | |
"restart_syscall", | |
"rmdir", | |
"rseq", | |
"rt_sigaction", | |
"rt_sigpending", | |
"rt_sigprocmask", | |
"rt_sigqueueinfo", | |
"rt_sigreturn", | |
"rt_sigsuspend", | |
"rt_sigtimedwait", | |
"rt_sigtimedwait_time64", | |
"rt_tgsigqueueinfo", | |
"sched_getaffinity", | |
"sched_getattr", | |
"sched_getparam", | |
"sched_get_priority_max", | |
"sched_get_priority_min", | |
"sched_getscheduler", | |
"sched_rr_get_interval", | |
"sched_rr_get_interval_time64", | |
"sched_setaffinity", | |
"sched_setattr", | |
"sched_setparam", | |
"sched_setscheduler", | |
"sched_yield", | |
"seccomp", | |
"select", | |
"semctl", | |
"semget", | |
"semop", | |
"semtimedop", | |
"semtimedop_time64", | |
"send", | |
"sendfile", | |
"sendfile64", | |
"sendmmsg", | |
"sendmsg", | |
"sendto", | |
"setfsgid", | |
"setfsgid32", | |
"setfsuid", | |
"setfsuid32", | |
"setgid", | |
"setgid32", | |
"setgroups", | |
"setgroups32", | |
"setitimer", | |
"setpgid", | |
"setpriority", | |
"setregid", | |
"setregid32", | |
"setresgid", | |
"setresgid32", | |
"setresuid", | |
"setresuid32", | |
"setreuid", | |
"setreuid32", | |
"setrlimit", | |
"set_robust_list", | |
"setsid", | |
"setsockopt", | |
"set_thread_area", | |
"set_tid_address", | |
"setuid", | |
"setuid32", | |
"setxattr", | |
"shmat", | |
"shmctl", | |
"shmdt", | |
"shmget", | |
"shutdown", | |
"sigaltstack", | |
"signalfd", | |
"signalfd4", | |
"sigprocmask", | |
"sigreturn", | |
"socket", | |
"socketcall", | |
"socketpair", | |
"splice", | |
"stat", | |
"stat64", | |
"statfs", | |
"statfs64", | |
"statx", | |
"symlink", | |
"symlinkat", | |
"sync", | |
"sync_file_range", | |
"syncfs", | |
"sysinfo", | |
"tee", | |
"tgkill", | |
"time", | |
"timer_create", | |
"timer_delete", | |
"timer_getoverrun", | |
"timer_gettime", | |
"timer_gettime64", | |
"timer_settime", | |
"timer_settime64", | |
"timerfd_create", | |
"timerfd_gettime", | |
"timerfd_gettime64", | |
"timerfd_settime", | |
"timerfd_settime64", | |
"times", | |
"tkill", | |
"truncate", | |
"truncate64", | |
"ugetrlimit", | |
"umask", | |
"uname", | |
"unlink", | |
"unlinkat", | |
"utime", | |
"utimensat", | |
"utimensat_time64", | |
"utimes", | |
"vfork", | |
"vmsplice", | |
"wait4", | |
"waitid", | |
"waitpid", | |
"write", | |
"writev" | |
], | |
"action": "SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names": [ | |
"personality" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 0, | |
"op": "SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"personality" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 8, | |
"op": "SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"personality" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 131072, | |
"op": "SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"personality" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 131080, | |
"op": "SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"personality" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 4294967295, | |
"op": "SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"arch_prctl", | |
"modify_ldt" | |
], | |
"action": "SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names": [ | |
"chroot" | |
], | |
"action": "SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names": [ | |
"clone" | |
], | |
"action": "SCMP_ACT_ALLOW", | |
"args": [ | |
{ | |
"index": 0, | |
"value": 2114060288, | |
"op": "SCMP_CMP_MASKED_EQ" | |
} | |
] | |
}, | |
{ | |
"names": [ | |
"clone3" | |
], | |
"action": "SCMP_ACT_ERRNO", | |
"errnoRet": 38 | |
} | |
] | |
}, | |
"maskedPaths": [ | |
"/proc/acpi", | |
"/proc/asound", | |
"/proc/kcore", | |
"/proc/keys", | |
"/proc/latency_stats", | |
"/proc/timer_list", | |
"/proc/timer_stats", | |
"/proc/sched_debug", | |
"/sys/firmware", | |
"/proc/scsi" | |
], | |
"readonlyPaths": [ | |
"/proc/bus", | |
"/proc/fs", | |
"/proc/irq", | |
"/proc/sys", | |
"/proc/sysrq-trigger" | |
] | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment