home

My NixOS systems configurations.
Log | Files | Refs | LICENSE

my-seccomp.json (16200B)


      1 {
      2 	"defaultAction": "SCMP_ACT_ERRNO",
      3 	"defaultErrnoRet": 38,
      4 	"defaultErrno": "ENOSYS",
      5 	"archMap": [
      6 		{
      7 			"architecture": "SCMP_ARCH_X86_64",
      8 			"subArchitectures": [
      9 				"SCMP_ARCH_X86",
     10 				"SCMP_ARCH_X32"
     11 			]
     12 		},
     13 		{
     14 			"architecture": "SCMP_ARCH_AARCH64",
     15 			"subArchitectures": [
     16 				"SCMP_ARCH_ARM"
     17 			]
     18 		},
     19 		{
     20 			"architecture": "SCMP_ARCH_MIPS64",
     21 			"subArchitectures": [
     22 				"SCMP_ARCH_MIPS",
     23 				"SCMP_ARCH_MIPS64N32"
     24 			]
     25 		},
     26 		{
     27 			"architecture": "SCMP_ARCH_MIPS64N32",
     28 			"subArchitectures": [
     29 				"SCMP_ARCH_MIPS",
     30 				"SCMP_ARCH_MIPS64"
     31 			]
     32 		},
     33 		{
     34 			"architecture": "SCMP_ARCH_MIPSEL64",
     35 			"subArchitectures": [
     36 				"SCMP_ARCH_MIPSEL",
     37 				"SCMP_ARCH_MIPSEL64N32"
     38 			]
     39 		},
     40 		{
     41 			"architecture": "SCMP_ARCH_MIPSEL64N32",
     42 			"subArchitectures": [
     43 				"SCMP_ARCH_MIPSEL",
     44 				"SCMP_ARCH_MIPSEL64"
     45 			]
     46 		},
     47 		{
     48 			"architecture": "SCMP_ARCH_S390X",
     49 			"subArchitectures": [
     50 				"SCMP_ARCH_S390"
     51 			]
     52 		}
     53 	],
     54 	"syscalls": [
     55 		{
     56 			"names": [
     57 				"bdflush",
     58 				"io_pgetevents",
     59 				"kexec_file_load",
     60 				"kexec_load",
     61 				"migrate_pages",
     62 				"move_pages",
     63 				"nfsservctl",
     64 				"nice",
     65 				"oldfstat",
     66 				"oldlstat",
     67 				"oldolduname",
     68 				"oldstat",
     69 				"olduname",
     70 				"pciconfig_iobase",
     71 				"pciconfig_read",
     72 				"pciconfig_write",
     73 				"sgetmask",
     74 				"ssetmask",
     75 				"swapcontext",
     76 				"swapoff",
     77 				"swapon",
     78 				"sysfs",
     79 				"uselib",
     80 				"userfaultfd",
     81 				"ustat",
     82 				"vm86",
     83 				"vm86old",
     84 				"vmsplice"
     85 			],
     86 			"action": "SCMP_ACT_ERRNO",
     87 			"args": [],
     88 			"comment": "",
     89 			"includes": {},
     90 			"excludes": {},
     91 			"errnoRet": 1,
     92 			"errno": "EPERM"
     93 		},
     94 		{
     95 			"names": [
     96 				"_llseek",
     97 				"_newselect",
     98 				"accept",
     99 				"accept4",
    100 				"access",
    101 				"adjtimex",
    102 				"alarm",
    103 				"bind",
    104 				"brk",
    105 				"capget",
    106 				"capset",
    107 				"chdir",
    108 				"chmod",
    109 				"chown",
    110 				"chown32",
    111 				"clock_adjtime",
    112 				"clock_adjtime64",
    113 				"clock_getres",
    114 				"clock_getres_time64",
    115 				"clock_gettime",
    116 				"clock_gettime64",
    117 				"clock_nanosleep",
    118 				"clock_nanosleep_time64",
    119 				"clone",
    120 				"clone3",
    121 				"close",
    122 				"close_range",
    123 				"connect",
    124 				"copy_file_range",
    125 				"creat",
    126 				"dup",
    127 				"dup2",
    128 				"dup3",
    129 				"epoll_create",
    130 				"epoll_create1",
    131 				"epoll_ctl",
    132 				"epoll_ctl_old",
    133 				"epoll_pwait",
    134 				"epoll_pwait2",
    135 				"epoll_wait",
    136 				"epoll_wait_old",
    137 				"eventfd",
    138 				"eventfd2",
    139 				"execve",
    140 				"execveat",
    141 				"exit",
    142 				"exit_group",
    143 				"faccessat",
    144 				"faccessat2",
    145 				"fadvise64",
    146 				"fadvise64_64",
    147 				"fallocate",
    148 				"fanotify_mark",
    149 				"fchdir",
    150 				"fchmod",
    151 				"fchmodat",
    152 				"fchown",
    153 				"fchown32",
    154 				"fchownat",
    155 				"fcntl",
    156 				"fcntl64",
    157 				"fdatasync",
    158 				"fgetxattr",
    159 				"flistxattr",
    160 				"flock",
    161 				"fork",
    162 				"fremovexattr",
    163 				"fsconfig",
    164 				"fsetxattr",
    165 				"fsmount",
    166 				"fsopen",
    167 				"fspick",
    168 				"fstat",
    169 				"fstat64",
    170 				"fstatat64",
    171 				"fstatfs",
    172 				"fstatfs64",
    173 				"fsync",
    174 				"ftruncate",
    175 				"ftruncate64",
    176 				"futex",
    177 				"futex_time64",
    178 				"futimesat",
    179 				"get_robust_list",
    180 				"get_thread_area",
    181 				"getcpu",
    182 				"getcwd",
    183 				"getdents",
    184 				"getdents64",
    185 				"getegid",
    186 				"getegid32",
    187 				"geteuid",
    188 				"geteuid32",
    189 				"getgid",
    190 				"getgid32",
    191 				"getgroups",
    192 				"getgroups32",
    193 				"getitimer",
    194 				"get_mempolicy",
    195 				"getpeername",
    196 				"getpgid",
    197 				"getpgrp",
    198 				"getpid",
    199 				"getppid",
    200 				"getpriority",
    201 				"getrandom",
    202 				"getresgid",
    203 				"getresgid32",
    204 				"getresuid",
    205 				"getresuid32",
    206 				"getrlimit",
    207 				"getrusage",
    208 				"getsid",
    209 				"getsockname",
    210 				"getsockopt",
    211 				"gettid",
    212 				"gettimeofday",
    213 				"getuid",
    214 				"getuid32",
    215 				"getxattr",
    216 				"inotify_add_watch",
    217 				"inotify_init",
    218 				"inotify_init1",
    219 				"inotify_rm_watch",
    220 				"io_cancel",
    221 				"io_destroy",
    222 				"io_getevents",
    223 				"io_setup",
    224 				"io_submit",
    225 				"ioctl",
    226 				"ioprio_get",
    227 				"ioprio_set",
    228 				"ipc",
    229 				"keyctl",
    230 				"kill",
    231 				"lchown",
    232 				"lchown32",
    233 				"lgetxattr",
    234 				"link",
    235 				"linkat",
    236 				"listen",
    237 				"listxattr",
    238 				"llistxattr",
    239 				"lremovexattr",
    240 				"lseek",
    241 				"lsetxattr",
    242 				"lstat",
    243 				"lstat64",
    244 				"madvise",
    245 				"mbind",
    246 				"memfd_create",
    247 				"memfd_secret",
    248 				"mincore",
    249 				"mkdir",
    250 				"mkdirat",
    251 				"mknod",
    252 				"mknodat",
    253 				"mlock",
    254 				"mlock2",
    255 				"mlockall",
    256 				"mmap",
    257 				"mmap2",
    258 				"mount",
    259 				"move_mount",
    260 				"mprotect",
    261 				"mq_getsetattr",
    262 				"mq_notify",
    263 				"mq_open",
    264 				"mq_timedreceive",
    265 				"mq_timedreceive_time64",
    266 				"mq_timedsend",
    267 				"mq_timedsend_time64",
    268 				"mq_unlink",
    269 				"mremap",
    270 				"msgctl",
    271 				"msgget",
    272 				"msgrcv",
    273 				"msgsnd",
    274 				"msync",
    275 				"munlock",
    276 				"munlockall",
    277 				"munmap",
    278 				"name_to_handle_at",
    279 				"nanosleep",
    280 				"newfstatat",
    281 				"open",
    282 				"openat",
    283 				"openat2",
    284 				"open_tree",
    285 				"pause",
    286 				"pidfd_getfd",
    287 				"pidfd_open",
    288 				"pidfd_send_signal",
    289 				"pipe",
    290 				"pipe2",
    291 				"pivot_root",
    292 				"pkey_alloc",
    293 				"pkey_free",
    294 				"pkey_mprotect",
    295 				"poll",
    296 				"ppoll",
    297 				"ppoll_time64",
    298 				"prctl",
    299 				"pread64",
    300 				"preadv",
    301 				"preadv2",
    302 				"prlimit64",
    303 				"pselect6",
    304 				"pselect6_time64",
    305 				"pwrite64",
    306 				"pwritev",
    307 				"pwritev2",
    308 				"read",
    309 				"readahead",
    310 				"readdir",
    311 				"readlink",
    312 				"readlinkat",
    313 				"readv",
    314 				"reboot",
    315 				"recv",
    316 				"recvfrom",
    317 				"recvmmsg",
    318 				"recvmmsg_time64",
    319 				"recvmsg",
    320 				"remap_file_pages",
    321 				"removexattr",
    322 				"rename",
    323 				"renameat",
    324 				"renameat2",
    325 				"restart_syscall",
    326 				"rmdir",
    327 				"rseq",
    328 				"rt_sigaction",
    329 				"rt_sigpending",
    330 				"rt_sigprocmask",
    331 				"rt_sigqueueinfo",
    332 				"rt_sigreturn",
    333 				"rt_sigsuspend",
    334 				"rt_sigtimedwait",
    335 				"rt_sigtimedwait_time64",
    336 				"rt_tgsigqueueinfo",
    337 				"sched_get_priority_max",
    338 				"sched_get_priority_min",
    339 				"sched_getaffinity",
    340 				"sched_getattr",
    341 				"sched_getparam",
    342 				"sched_getscheduler",
    343 				"sched_rr_get_interval",
    344 				"sched_rr_get_interval_time64",
    345 				"sched_setaffinity",
    346 				"sched_setattr",
    347 				"sched_setparam",
    348 				"sched_setscheduler",
    349 				"sched_yield",
    350 				"seccomp",
    351 				"select",
    352 				"semctl",
    353 				"semget",
    354 				"semop",
    355 				"semtimedop",
    356 				"semtimedop_time64",
    357 				"send",
    358 				"sendfile",
    359 				"sendfile64",
    360 				"sendmmsg",
    361 				"sendmsg",
    362 				"sendto",
    363 				"setns",
    364 				"set_mempolicy",
    365 				"set_robust_list",
    366 				"set_thread_area",
    367 				"set_tid_address",
    368 				"setfsgid",
    369 				"setfsgid32",
    370 				"setfsuid",
    371 				"setfsuid32",
    372 				"setgid",
    373 				"setgid32",
    374 				"setgroups",
    375 				"setgroups32",
    376 				"setitimer",
    377 				"setpgid",
    378 				"setpriority",
    379 				"setregid",
    380 				"setregid32",
    381 				"setresgid",
    382 				"setresgid32",
    383 				"setresuid",
    384 				"setresuid32",
    385 				"setreuid",
    386 				"setreuid32",
    387 				"setrlimit",
    388 				"setsid",
    389 				"setsockopt",
    390 				"setuid",
    391 				"setuid32",
    392 				"setxattr",
    393 				"shmat",
    394 				"shmctl",
    395 				"shmdt",
    396 				"shmget",
    397 				"shutdown",
    398 				"sigaltstack",
    399 				"signalfd",
    400 				"signalfd4",
    401 				"sigreturn",
    402 				"socketcall",
    403 				"socketpair",
    404 				"splice",
    405 				"stat",
    406 				"stat64",
    407 				"statfs",
    408 				"statfs64",
    409 				"statx",
    410 				"symlink",
    411 				"symlinkat",
    412 				"sync",
    413 				"sync_file_range",
    414 				"syncfs",
    415 				"sysinfo",
    416 				"syslog",
    417 				"tee",
    418 				"tgkill",
    419 				"time",
    420 				"timer_create",
    421 				"timer_delete",
    422 				"timer_getoverrun",
    423 				"timer_gettime",
    424 				"timer_gettime64",
    425 				"timer_settime",
    426 				"timer_settime64",
    427 				"timerfd_create",
    428 				"timerfd_gettime",
    429 				"timerfd_gettime64",
    430 				"timerfd_settime",
    431 				"timerfd_settime64",
    432 				"times",
    433 				"tkill",
    434 				"truncate",
    435 				"truncate64",
    436 				"ugetrlimit",
    437 				"umask",
    438 				"umount",
    439 				"umount2",
    440 				"uname",
    441 				"unlink",
    442 				"unlinkat",
    443 				"unshare",
    444 				"utime",
    445 				"utimensat",
    446 				"utimensat_time64",
    447 				"utimes",
    448 				"vfork",
    449 				"wait4",
    450 				"waitid",
    451 				"waitpid",
    452 				"write",
    453 				"writev"
    454 			],
    455 			"action": "SCMP_ACT_ALLOW",
    456 			"args": [],
    457 			"comment": "",
    458 			"includes": {},
    459 			"excludes": {}
    460 		},
    461 		{
    462 			"names": [
    463 				"personality"
    464 			],
    465 			"action": "SCMP_ACT_ALLOW",
    466 			"args": [
    467 				{
    468 					"index": 0,
    469 					"value": 0,
    470 					"valueTwo": 0,
    471 					"op": "SCMP_CMP_EQ"
    472 				}
    473 			],
    474 			"comment": "",
    475 			"includes": {},
    476 			"excludes": {}
    477 		},
    478 		{
    479 			"names": [
    480 				"personality"
    481 			],
    482 			"action": "SCMP_ACT_ALLOW",
    483 			"args": [
    484 				{
    485 					"index": 0,
    486 					"value": 8,
    487 					"valueTwo": 0,
    488 					"op": "SCMP_CMP_EQ"
    489 				}
    490 			],
    491 			"comment": "",
    492 			"includes": {},
    493 			"excludes": {}
    494 		},
    495 		{
    496 			"names": [
    497 				"personality"
    498 			],
    499 			"action": "SCMP_ACT_ALLOW",
    500 			"args": [
    501 				{
    502 					"index": 0,
    503 					"value": 131072,
    504 					"valueTwo": 0,
    505 					"op": "SCMP_CMP_EQ"
    506 				}
    507 			],
    508 			"comment": "",
    509 			"includes": {},
    510 			"excludes": {}
    511 		},
    512 		{
    513 			"names": [
    514 				"personality"
    515 			],
    516 			"action": "SCMP_ACT_ALLOW",
    517 			"args": [
    518 				{
    519 					"index": 0,
    520 					"value": 131080,
    521 					"valueTwo": 0,
    522 					"op": "SCMP_CMP_EQ"
    523 				}
    524 			],
    525 			"comment": "",
    526 			"includes": {},
    527 			"excludes": {}
    528 		},
    529 		{
    530 			"names": [
    531 				"personality"
    532 			],
    533 			"action": "SCMP_ACT_ALLOW",
    534 			"args": [
    535 				{
    536 					"index": 0,
    537 					"value": 4294967295,
    538 					"valueTwo": 0,
    539 					"op": "SCMP_CMP_EQ"
    540 				}
    541 			],
    542 			"comment": "",
    543 			"includes": {},
    544 			"excludes": {}
    545 		},
    546 		{
    547 			"names": [
    548 				"sync_file_range2"
    549 			],
    550 			"action": "SCMP_ACT_ALLOW",
    551 			"args": [],
    552 			"comment": "",
    553 			"includes": {
    554 				"arches": [
    555 					"ppc64le"
    556 				]
    557 			},
    558 			"excludes": {}
    559 		},
    560 		{
    561 			"names": [
    562 				"arm_fadvise64_64",
    563 				"arm_sync_file_range",
    564 				"sync_file_range2",
    565 				"breakpoint",
    566 				"cacheflush",
    567 				"set_tls"
    568 			],
    569 			"action": "SCMP_ACT_ALLOW",
    570 			"args": [],
    571 			"comment": "",
    572 			"includes": {
    573 				"arches": [
    574 					"arm",
    575 					"arm64"
    576 				]
    577 			},
    578 			"excludes": {}
    579 		},
    580 		{
    581 			"names": [
    582 				"arch_prctl"
    583 			],
    584 			"action": "SCMP_ACT_ALLOW",
    585 			"args": [],
    586 			"comment": "",
    587 			"includes": {
    588 				"arches": [
    589 					"amd64",
    590 					"x32"
    591 				]
    592 			},
    593 			"excludes": {}
    594 		},
    595 		{
    596 			"names": [
    597 				"modify_ldt"
    598 			],
    599 			"action": "SCMP_ACT_ALLOW",
    600 			"args": [],
    601 			"comment": "",
    602 			"includes": {
    603 				"arches": [
    604 					"amd64",
    605 					"x32",
    606 					"x86"
    607 				]
    608 			},
    609 			"excludes": {}
    610 		},
    611 		{
    612 			"names": [
    613 				"s390_pci_mmio_read",
    614 				"s390_pci_mmio_write",
    615 				"s390_runtime_instr"
    616 			],
    617 			"action": "SCMP_ACT_ALLOW",
    618 			"args": [],
    619 			"comment": "",
    620 			"includes": {
    621 				"arches": [
    622 					"s390",
    623 					"s390x"
    624 				]
    625 			},
    626 			"excludes": {}
    627 		},
    628 		{
    629 			"names": [
    630 				"open_by_handle_at"
    631 			],
    632 			"action": "SCMP_ACT_ALLOW",
    633 			"args": [],
    634 			"comment": "",
    635 			"includes": {
    636 				"caps": [
    637 					"CAP_DAC_READ_SEARCH"
    638 				]
    639 			},
    640 			"excludes": {}
    641 		},
    642 		{
    643 			"names": [
    644 				"open_by_handle_at"
    645 			],
    646 			"action": "SCMP_ACT_ERRNO",
    647 			"args": [],
    648 			"comment": "",
    649 			"includes": {},
    650 			"excludes": {
    651 				"caps": [
    652 					"CAP_DAC_READ_SEARCH"
    653 				]
    654 			},
    655 			"errnoRet": 1,
    656 			"errno": "EPERM"
    657 		},
    658 		{
    659 			"names": [
    660 				"bpf",
    661 				"fanotify_init",
    662 				"lookup_dcookie",
    663 				"perf_event_open",
    664 				"quotactl",
    665 				"setdomainname",
    666 				"sethostname",
    667 				"setns"
    668 			],
    669 			"action": "SCMP_ACT_ALLOW",
    670 			"args": [],
    671 			"comment": "",
    672 			"includes": {
    673 				"caps": [
    674 					"CAP_SYS_ADMIN"
    675 				]
    676 			},
    677 			"excludes": {}
    678 		},
    679 		{
    680 			"names": [
    681 				"bpf",
    682 				"fanotify_init",
    683 				"lookup_dcookie",
    684 				"perf_event_open",
    685 				"quotactl",
    686 				"setdomainname",
    687 				"sethostname",
    688 				"setns"
    689 			],
    690 			"action": "SCMP_ACT_ERRNO",
    691 			"args": [],
    692 			"comment": "",
    693 			"includes": {},
    694 			"excludes": {
    695 				"caps": [
    696 					"CAP_SYS_ADMIN"
    697 				]
    698 			},
    699 			"errnoRet": 1,
    700 			"errno": "EPERM"
    701 		},
    702 		{
    703 			"names": [
    704 				"chroot"
    705 			],
    706 			"action": "SCMP_ACT_ALLOW",
    707 			"args": [],
    708 			"comment": "",
    709 			"includes": {
    710 				"caps": [
    711 					"CAP_SYS_CHROOT"
    712 				]
    713 			},
    714 			"excludes": {}
    715 		},
    716 		{
    717 			"names": [
    718 				"chroot"
    719 			],
    720 			"action": "SCMP_ACT_ERRNO",
    721 			"args": [],
    722 			"comment": "",
    723 			"includes": {},
    724 			"excludes": {
    725 				"caps": [
    726 					"CAP_SYS_CHROOT"
    727 				]
    728 			},
    729 			"errnoRet": 1,
    730 			"errno": "EPERM"
    731 		},
    732 		{
    733 			"names": [
    734 				"delete_module",
    735 				"init_module",
    736 				"finit_module",
    737 				"query_module"
    738 			],
    739 			"action": "SCMP_ACT_ALLOW",
    740 			"args": [],
    741 			"comment": "",
    742 			"includes": {
    743 				"caps": [
    744 					"CAP_SYS_MODULE"
    745 				]
    746 			},
    747 			"excludes": {}
    748 		},
    749 		{
    750 			"names": [
    751 				"delete_module",
    752 				"init_module",
    753 				"finit_module",
    754 				"query_module"
    755 			],
    756 			"action": "SCMP_ACT_ERRNO",
    757 			"args": [],
    758 			"comment": "",
    759 			"includes": {},
    760 			"excludes": {
    761 				"caps": [
    762 					"CAP_SYS_MODULE"
    763 				]
    764 			},
    765 			"errnoRet": 1,
    766 			"errno": "EPERM"
    767 		},
    768 		{
    769 			"names": [
    770 				"acct"
    771 			],
    772 			"action": "SCMP_ACT_ALLOW",
    773 			"args": [],
    774 			"comment": "",
    775 			"includes": {
    776 				"caps": [
    777 					"CAP_SYS_PACCT"
    778 				]
    779 			},
    780 			"excludes": {}
    781 		},
    782 		{
    783 			"names": [
    784 				"acct"
    785 			],
    786 			"action": "SCMP_ACT_ERRNO",
    787 			"args": [],
    788 			"comment": "",
    789 			"includes": {},
    790 			"excludes": {
    791 				"caps": [
    792 					"CAP_SYS_PACCT"
    793 				]
    794 			},
    795 			"errnoRet": 1,
    796 			"errno": "EPERM"
    797 		},
    798 		{
    799 			"names": [
    800 				"kcmp",
    801 				"process_madvise",
    802 				"process_vm_readv",
    803 				"process_vm_writev",
    804 				"ptrace"
    805 			],
    806 			"action": "SCMP_ACT_ALLOW",
    807 			"args": [],
    808 			"comment": "",
    809 			"includes": {
    810 				"caps": [
    811 					"CAP_SYS_PTRACE"
    812 				]
    813 			},
    814 			"excludes": {}
    815 		},
    816 		{
    817 			"names": [
    818 				"kcmp",
    819 				"process_madvise",
    820 				"process_vm_readv",
    821 				"process_vm_writev",
    822 				"ptrace"
    823 			],
    824 			"action": "SCMP_ACT_ERRNO",
    825 			"args": [],
    826 			"comment": "",
    827 			"includes": {},
    828 			"excludes": {
    829 				"caps": [
    830 					"CAP_SYS_PTRACE"
    831 				]
    832 			},
    833 			"errnoRet": 1,
    834 			"errno": "EPERM"
    835 		},
    836 		{
    837 			"names": [
    838 				"iopl",
    839 				"ioperm"
    840 			],
    841 			"action": "SCMP_ACT_ALLOW",
    842 			"args": [],
    843 			"comment": "",
    844 			"includes": {
    845 				"caps": [
    846 					"CAP_SYS_RAWIO"
    847 				]
    848 			},
    849 			"excludes": {}
    850 		},
    851 		{
    852 			"names": [
    853 				"iopl",
    854 				"ioperm"
    855 			],
    856 			"action": "SCMP_ACT_ERRNO",
    857 			"args": [],
    858 			"comment": "",
    859 			"includes": {},
    860 			"excludes": {
    861 				"caps": [
    862 					"CAP_SYS_RAWIO"
    863 				]
    864 			},
    865 			"errnoRet": 1,
    866 			"errno": "EPERM"
    867 		},
    868 		{
    869 			"names": [
    870 				"settimeofday",
    871 				"stime",
    872 				"clock_settime",
    873 				"clock_settime64"
    874 			],
    875 			"action": "SCMP_ACT_ALLOW",
    876 			"args": [],
    877 			"comment": "",
    878 			"includes": {
    879 				"caps": [
    880 					"CAP_SYS_TIME"
    881 				]
    882 			},
    883 			"excludes": {}
    884 		},
    885 		{
    886 			"names": [
    887 				"settimeofday",
    888 				"stime",
    889 				"clock_settime",
    890 				"clock_settime64"
    891 			],
    892 			"action": "SCMP_ACT_ERRNO",
    893 			"args": [],
    894 			"comment": "",
    895 			"includes": {},
    896 			"excludes": {
    897 				"caps": [
    898 					"CAP_SYS_TIME"
    899 				]
    900 			},
    901 			"errnoRet": 1,
    902 			"errno": "EPERM"
    903 		},
    904 		{
    905 			"names": [
    906 				"vhangup"
    907 			],
    908 			"action": "SCMP_ACT_ALLOW",
    909 			"args": [],
    910 			"comment": "",
    911 			"includes": {
    912 				"caps": [
    913 					"CAP_SYS_TTY_CONFIG"
    914 				]
    915 			},
    916 			"excludes": {}
    917 		},
    918 		{
    919 			"names": [
    920 				"vhangup"
    921 			],
    922 			"action": "SCMP_ACT_ERRNO",
    923 			"args": [],
    924 			"comment": "",
    925 			"includes": {},
    926 			"excludes": {
    927 				"caps": [
    928 					"CAP_SYS_TTY_CONFIG"
    929 				]
    930 			},
    931 			"errnoRet": 1,
    932 			"errno": "EPERM"
    933 		},
    934 		{
    935 			"names": [
    936 				"socket"
    937 			],
    938 			"action": "SCMP_ACT_ERRNO",
    939 			"args": [
    940 				{
    941 					"index": 0,
    942 					"value": 16,
    943 					"valueTwo": 0,
    944 					"op": "SCMP_CMP_EQ"
    945 				},
    946 				{
    947 					"index": 2,
    948 					"value": 9,
    949 					"valueTwo": 0,
    950 					"op": "SCMP_CMP_EQ"
    951 				}
    952 			],
    953 			"comment": "",
    954 			"includes": {},
    955 			"excludes": {
    956 				"caps": [
    957 					"CAP_AUDIT_WRITE"
    958 				]
    959 			},
    960 			"errnoRet": 22,
    961 			"errno": "EINVAL"
    962 		},
    963 		{
    964 			"names": [
    965 				"socket"
    966 			],
    967 			"action": "SCMP_ACT_ALLOW",
    968 			"args": [
    969 				{
    970 					"index": 2,
    971 					"value": 9,
    972 					"valueTwo": 0,
    973 					"op": "SCMP_CMP_NE"
    974 				}
    975 			],
    976 			"comment": "",
    977 			"includes": {},
    978 			"excludes": {
    979 				"caps": [
    980 					"CAP_AUDIT_WRITE"
    981 				]
    982 			}
    983 		},
    984 		{
    985 			"names": [
    986 				"socket"
    987 			],
    988 			"action": "SCMP_ACT_ALLOW",
    989 			"args": [
    990 				{
    991 					"index": 0,
    992 					"value": 16,
    993 					"valueTwo": 0,
    994 					"op": "SCMP_CMP_NE"
    995 				}
    996 			],
    997 			"comment": "",
    998 			"includes": {},
    999 			"excludes": {
   1000 				"caps": [
   1001 					"CAP_AUDIT_WRITE"
   1002 				]
   1003 			}
   1004 		},
   1005 		{
   1006 			"names": [
   1007 				"socket"
   1008 			],
   1009 			"action": "SCMP_ACT_ALLOW",
   1010 			"args": [
   1011 				{
   1012 					"index": 2,
   1013 					"value": 9,
   1014 					"valueTwo": 0,
   1015 					"op": "SCMP_CMP_NE"
   1016 				}
   1017 			],
   1018 			"comment": "",
   1019 			"includes": {},
   1020 			"excludes": {
   1021 				"caps": [
   1022 					"CAP_AUDIT_WRITE"
   1023 				]
   1024 			}
   1025 		},
   1026 		{
   1027 			"names": [
   1028 				"socket"
   1029 			],
   1030 			"action": "SCMP_ACT_ALLOW",
   1031 			"args": null,
   1032 			"comment": "",
   1033 			"includes": {
   1034 				"caps": [
   1035 					"CAP_AUDIT_WRITE"
   1036 				]
   1037 			},
   1038 			"excludes": {}
   1039 		}
   1040 	]
   1041 }