Diffstat (limited to 'plugin/rpcplugin/sandbox/seccomp_linux_amd64.go')
-rw-r--r--plugin/rpcplugin/sandbox/seccomp_linux_amd64.go301
1 files changed, 0 insertions, 301 deletions
diff --git a/plugin/rpcplugin/sandbox/seccomp_linux_amd64.go b/plugin/rpcplugin/sandbox/seccomp_linux_amd64.go
deleted file mode 100644
index 7338ebbe0..000000000
--- a/plugin/rpcplugin/sandbox/seccomp_linux_amd64.go
+++ /dev/null
@@ -1,301 +0,0 @@
-// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
-// See License.txt for license information.
-
-package sandbox
-
-import (
- "golang.org/x/sys/unix"
-)
-
-const NATIVE_AUDIT_ARCH = AUDIT_ARCH_X86_64
-
-var AllowedSyscalls = []SeccompSyscall{
- {Syscall: unix.SYS_ACCEPT},
- {Syscall: unix.SYS_ACCEPT4},
- {Syscall: unix.SYS_ACCESS},
- {Syscall: unix.SYS_ADJTIMEX},
- {Syscall: unix.SYS_ALARM},
- {Syscall: unix.SYS_ARCH_PRCTL},
- {Syscall: unix.SYS_BIND},
- {Syscall: unix.SYS_BRK},
- {Syscall: unix.SYS_CAPGET},
- {Syscall: unix.SYS_CAPSET},
- {Syscall: unix.SYS_CHDIR},
- {Syscall: unix.SYS_CHMOD},
- {Syscall: unix.SYS_CHOWN},
- {Syscall: unix.SYS_CLOCK_GETRES},
- {Syscall: unix.SYS_CLOCK_GETTIME},
- {Syscall: unix.SYS_CLOCK_NANOSLEEP},
- {
- Syscall: unix.SYS_CLONE,
- Any: []SeccompConditions{{
- All: []SeccompCondition{SeccompArgHasNoBits{
- Arg: 0,
- Mask: unix.CLONE_NEWCGROUP | unix.CLONE_NEWIPC | unix.CLONE_NEWNET | unix.CLONE_NEWNS | unix.CLONE_NEWPID | unix.CLONE_NEWUSER | unix.CLONE_NEWUTS,
- }},
- }},
- },
- {Syscall: unix.SYS_CLOSE},
- {Syscall: unix.SYS_CONNECT},
- {Syscall: unix.SYS_COPY_FILE_RANGE},
- {Syscall: unix.SYS_CREAT},
- {Syscall: unix.SYS_DUP},
- {Syscall: unix.SYS_DUP2},
- {Syscall: unix.SYS_DUP3},
- {Syscall: unix.SYS_EPOLL_CREATE},
- {Syscall: unix.SYS_EPOLL_CREATE1},
- {Syscall: unix.SYS_EPOLL_CTL},
- {Syscall: unix.SYS_EPOLL_CTL_OLD},
- {Syscall: unix.SYS_EPOLL_PWAIT},
- {Syscall: unix.SYS_EPOLL_WAIT},
- {Syscall: unix.SYS_EPOLL_WAIT_OLD},
- {Syscall: unix.SYS_EVENTFD},
- {Syscall: unix.SYS_EVENTFD2},
- {Syscall: unix.SYS_EXECVE},
- {Syscall: unix.SYS_EXECVEAT},
- {Syscall: unix.SYS_EXIT},
- {Syscall: unix.SYS_EXIT_GROUP},
- {Syscall: unix.SYS_FACCESSAT},
- {Syscall: unix.SYS_FADVISE64},
- {Syscall: unix.SYS_FALLOCATE},
- {Syscall: unix.SYS_FANOTIFY_MARK},
- {Syscall: unix.SYS_FCHDIR},
- {Syscall: unix.SYS_FCHMOD},
- {Syscall: unix.SYS_FCHMODAT},
- {Syscall: unix.SYS_FCHOWN},
- {Syscall: unix.SYS_FCHOWNAT},
- {Syscall: unix.SYS_FCNTL},
- {Syscall: unix.SYS_FDATASYNC},
- {Syscall: unix.SYS_FGETXATTR},
- {Syscall: unix.SYS_FLISTXATTR},
- {Syscall: unix.SYS_FLOCK},
- {Syscall: unix.SYS_FORK},
- {Syscall: unix.SYS_FREMOVEXATTR},
- {Syscall: unix.SYS_FSETXATTR},
- {Syscall: unix.SYS_FSTAT},
- {Syscall: unix.SYS_FSTATFS},
- {Syscall: unix.SYS_FSYNC},
- {Syscall: unix.SYS_FTRUNCATE},
- {Syscall: unix.SYS_FUTEX},
- {Syscall: unix.SYS_FUTIMESAT},
- {Syscall: unix.SYS_GETCPU},
- {Syscall: unix.SYS_GETCWD},
- {Syscall: unix.SYS_GETDENTS},
- {Syscall: unix.SYS_GETDENTS64},
- {Syscall: unix.SYS_GETEGID},
- {Syscall: unix.SYS_GETEUID},
- {Syscall: unix.SYS_GETGID},
- {Syscall: unix.SYS_GETGROUPS},
- {Syscall: unix.SYS_GETITIMER},
- {Syscall: unix.SYS_GETPEERNAME},
- {Syscall: unix.SYS_GETPGID},
- {Syscall: unix.SYS_GETPGRP},
- {Syscall: unix.SYS_GETPID},
- {Syscall: unix.SYS_GETPPID},
- {Syscall: unix.SYS_GETPRIORITY},
- {Syscall: unix.SYS_GETRANDOM},
- {Syscall: unix.SYS_GETRESGID},
- {Syscall: unix.SYS_GETRESUID},
- {Syscall: unix.SYS_GETRLIMIT},
- {Syscall: unix.SYS_GET_ROBUST_LIST},
- {Syscall: unix.SYS_GETRUSAGE},
- {Syscall: unix.SYS_GETSID},
- {Syscall: unix.SYS_GETSOCKNAME},
- {Syscall: unix.SYS_GETSOCKOPT},
- {Syscall: unix.SYS_GET_THREAD_AREA},
- {Syscall: unix.SYS_GETTID},
- {Syscall: unix.SYS_GETTIMEOFDAY},
- {Syscall: unix.SYS_GETUID},
- {Syscall: unix.SYS_GETXATTR},
- {Syscall: unix.SYS_INOTIFY_ADD_WATCH},
- {Syscall: unix.SYS_INOTIFY_INIT},
- {Syscall: unix.SYS_INOTIFY_INIT1},
- {Syscall: unix.SYS_INOTIFY_RM_WATCH},
- {Syscall: unix.SYS_IO_CANCEL},
- {Syscall: unix.SYS_IOCTL},
- {Syscall: unix.SYS_IO_DESTROY},
- {Syscall: unix.SYS_IO_GETEVENTS},
- {Syscall: unix.SYS_IOPRIO_GET},
- {Syscall: unix.SYS_IOPRIO_SET},
- {Syscall: unix.SYS_IO_SETUP},
- {Syscall: unix.SYS_IO_SUBMIT},
- {Syscall: unix.SYS_KILL},
- {Syscall: unix.SYS_LCHOWN},
- {Syscall: unix.SYS_LGETXATTR},
- {Syscall: unix.SYS_LINK},
- {Syscall: unix.SYS_LINKAT},
- {Syscall: unix.SYS_LISTEN},
- {Syscall: unix.SYS_LISTXATTR},
- {Syscall: unix.SYS_LLISTXATTR},
- {Syscall: unix.SYS_LREMOVEXATTR},
- {Syscall: unix.SYS_LSEEK},
- {Syscall: unix.SYS_LSETXATTR},
- {Syscall: unix.SYS_LSTAT},
- {Syscall: unix.SYS_MADVISE},
- {Syscall: unix.SYS_MEMFD_CREATE},
- {Syscall: unix.SYS_MINCORE},
- {Syscall: unix.SYS_MKDIR},
- {Syscall: unix.SYS_MKDIRAT},
- {Syscall: unix.SYS_MKNOD},
- {Syscall: unix.SYS_MKNODAT},
- {Syscall: unix.SYS_MLOCK},
- {Syscall: unix.SYS_MLOCK2},
- {Syscall: unix.SYS_MLOCKALL},
- {Syscall: unix.SYS_MMAP},
- {Syscall: unix.SYS_MODIFY_LDT},
- {Syscall: unix.SYS_MPROTECT},
- {Syscall: unix.SYS_MQ_GETSETATTR},
- {Syscall: unix.SYS_MQ_NOTIFY},
- {Syscall: unix.SYS_MQ_OPEN},
- {Syscall: unix.SYS_MQ_TIMEDRECEIVE},
- {Syscall: unix.SYS_MQ_TIMEDSEND},
- {Syscall: unix.SYS_MQ_UNLINK},
- {Syscall: unix.SYS_MREMAP},
- {Syscall: unix.SYS_MSGCTL},
- {Syscall: unix.SYS_MSGGET},
- {Syscall: unix.SYS_MSGRCV},
- {Syscall: unix.SYS_MSGSND},
- {Syscall: unix.SYS_MSYNC},
- {Syscall: unix.SYS_MUNLOCK},
- {Syscall: unix.SYS_MUNLOCKALL},
- {Syscall: unix.SYS_MUNMAP},
- {Syscall: unix.SYS_NANOSLEEP},
- {Syscall: unix.SYS_NEWFSTATAT},
- {Syscall: unix.SYS_OPEN},
- {Syscall: unix.SYS_OPENAT},
- {Syscall: unix.SYS_PAUSE},
- {
- Syscall: unix.SYS_PERSONALITY,
- Any: []SeccompConditions{
- {All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0}}},
- {All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 8}}},
- {All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0x20000}}},
- {All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0x20008}}},
- {All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0xffffffff}}},
- },
- },
- {Syscall: unix.SYS_PIPE},
- {Syscall: unix.SYS_PIPE2},
- {Syscall: unix.SYS_POLL},
- {Syscall: unix.SYS_PPOLL},
- {Syscall: unix.SYS_PRCTL},
- {Syscall: unix.SYS_PREAD64},
- {Syscall: unix.SYS_PREADV},
- {Syscall: unix.SYS_PREADV2},
- {Syscall: unix.SYS_PRLIMIT64},
- {Syscall: unix.SYS_PSELECT6},
- {Syscall: unix.SYS_PWRITE64},
- {Syscall: unix.SYS_PWRITEV},
- {Syscall: unix.SYS_PWRITEV2},
- {Syscall: unix.SYS_READ},
- {Syscall: unix.SYS_READAHEAD},
- {Syscall: unix.SYS_READLINK},
- {Syscall: unix.SYS_READLINKAT},
- {Syscall: unix.SYS_READV},
- {Syscall: unix.SYS_RECVFROM},
- {Syscall: unix.SYS_RECVMMSG},
- {Syscall: unix.SYS_RECVMSG},
- {Syscall: unix.SYS_REMAP_FILE_PAGES},
- {Syscall: unix.SYS_REMOVEXATTR},
- {Syscall: unix.SYS_RENAME},
- {Syscall: unix.SYS_RENAMEAT},
- {Syscall: unix.SYS_RENAMEAT2},
- {Syscall: unix.SYS_RESTART_SYSCALL},
- {Syscall: unix.SYS_RMDIR},
- {Syscall: unix.SYS_RT_SIGACTION},
- {Syscall: unix.SYS_RT_SIGPENDING},
- {Syscall: unix.SYS_RT_SIGPROCMASK},
- {Syscall: unix.SYS_RT_SIGQUEUEINFO},
- {Syscall: unix.SYS_RT_SIGRETURN},
- {Syscall: unix.SYS_RT_SIGSUSPEND},
- {Syscall: unix.SYS_RT_SIGTIMEDWAIT},
- {Syscall: unix.SYS_RT_TGSIGQUEUEINFO},
- {Syscall: unix.SYS_SCHED_GETAFFINITY},
- {Syscall: unix.SYS_SCHED_GETATTR},
- {Syscall: unix.SYS_SCHED_GETPARAM},
- {Syscall: unix.SYS_SCHED_GET_PRIORITY_MAX},
- {Syscall: unix.SYS_SCHED_GET_PRIORITY_MIN},
- {Syscall: unix.SYS_SCHED_GETSCHEDULER},
- {Syscall: unix.SYS_SCHED_RR_GET_INTERVAL},
- {Syscall: unix.SYS_SCHED_SETAFFINITY},
- {Syscall: unix.SYS_SCHED_SETATTR},
- {Syscall: unix.SYS_SCHED_SETPARAM},
- {Syscall: unix.SYS_SCHED_SETSCHEDULER},
- {Syscall: unix.SYS_SCHED_YIELD},
- {Syscall: unix.SYS_SECCOMP},
- {Syscall: unix.SYS_SELECT},
- {Syscall: unix.SYS_SEMCTL},
- {Syscall: unix.SYS_SEMGET},
- {Syscall: unix.SYS_SEMOP},
- {Syscall: unix.SYS_SEMTIMEDOP},
- {Syscall: unix.SYS_SENDFILE},
- {Syscall: unix.SYS_SENDMMSG},
- {Syscall: unix.SYS_SENDMSG},
- {Syscall: unix.SYS_SENDTO},
- {Syscall: unix.SYS_SETFSGID},
- {Syscall: unix.SYS_SETFSUID},
- {Syscall: unix.SYS_SETGID},
- {Syscall: unix.SYS_SETGROUPS},
- {Syscall: unix.SYS_SETITIMER},
- {Syscall: unix.SYS_SETPGID},
- {Syscall: unix.SYS_SETPRIORITY},
- {Syscall: unix.SYS_SETREGID},
- {Syscall: unix.SYS_SETRESGID},
- {Syscall: unix.SYS_SETRESUID},
- {Syscall: unix.SYS_SETREUID},
- {Syscall: unix.SYS_SETRLIMIT},
- {Syscall: unix.SYS_SET_ROBUST_LIST},
- {Syscall: unix.SYS_SETSID},
- {Syscall: unix.SYS_SETSOCKOPT},
- {Syscall: unix.SYS_SET_THREAD_AREA},
- {Syscall: unix.SYS_SET_TID_ADDRESS},
- {Syscall: unix.SYS_SETUID},
- {Syscall: unix.SYS_SETXATTR},
- {Syscall: unix.SYS_SHMAT},
- {Syscall: unix.SYS_SHMCTL},
- {Syscall: unix.SYS_SHMDT},
- {Syscall: unix.SYS_SHMGET},
- {Syscall: unix.SYS_SHUTDOWN},
- {Syscall: unix.SYS_SIGALTSTACK},
- {Syscall: unix.SYS_SIGNALFD},
- {Syscall: unix.SYS_SIGNALFD4},
- {Syscall: unix.SYS_SOCKET},
- {Syscall: unix.SYS_SOCKETPAIR},
- {Syscall: unix.SYS_SPLICE},
- {Syscall: unix.SYS_STAT},
- {Syscall: unix.SYS_STATFS},
- {Syscall: unix.SYS_SYMLINK},
- {Syscall: unix.SYS_SYMLINKAT},
- {Syscall: unix.SYS_SYNC},
- {Syscall: unix.SYS_SYNC_FILE_RANGE},
- {Syscall: unix.SYS_SYNCFS},
- {Syscall: unix.SYS_SYSINFO},
- {Syscall: unix.SYS_SYSLOG},
- {Syscall: unix.SYS_TEE},
- {Syscall: unix.SYS_TGKILL},
- {Syscall: unix.SYS_TIME},
- {Syscall: unix.SYS_TIMER_CREATE},
- {Syscall: unix.SYS_TIMER_DELETE},
- {Syscall: unix.SYS_TIMERFD_CREATE},
- {Syscall: unix.SYS_TIMERFD_GETTIME},
- {Syscall: unix.SYS_TIMERFD_SETTIME},
- {Syscall: unix.SYS_TIMER_GETOVERRUN},
- {Syscall: unix.SYS_TIMER_GETTIME},
- {Syscall: unix.SYS_TIMER_SETTIME},
- {Syscall: unix.SYS_TIMES},
- {Syscall: unix.SYS_TKILL},
- {Syscall: unix.SYS_TRUNCATE},
- {Syscall: unix.SYS_UMASK},
- {Syscall: unix.SYS_UNAME},
- {Syscall: unix.SYS_UNLINK},
- {Syscall: unix.SYS_UNLINKAT},
- {Syscall: unix.SYS_UTIME},
- {Syscall: unix.SYS_UTIMENSAT},
- {Syscall: unix.SYS_UTIMES},
- {Syscall: unix.SYS_VFORK},
- {Syscall: unix.SYS_VMSPLICE},
- {Syscall: unix.SYS_WAIT4},
- {Syscall: unix.SYS_WAITID},
- {Syscall: unix.SYS_WRITE},
- {Syscall: unix.SYS_WRITEV},
-}