config.yml
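---
# Seccomp profile settings.
#
# defaultAction is the libseccomp action for any system call without an
# explicit rule. SCMP_ACT_ERRNO makes the call fail with an errno rather than
# killing the process, so the profile is deny-by-default.
defaultAction: SCMP_ACT_ERRNO

# Architectures the filter covers. The 32-bit x86 ABI is listed next to
# x86_64, so the 32-bit-only entries in defaultDeny (e.g. vm86, vm86old,
# stime) are meaningful.
architectures:
- SCMP_ARCH_X86_64
- SCMP_ARCH_X86

# System calls blocked by Docker's default seccomp ruleset. With
# defaultAction set to SCMP_ACT_ERRNO they are refused unless something
# allows them explicitly; presumably the consumer of this file uses the list
# to make sure they are never allowed -- confirm against the tool that reads
# defaultDeny.
# NOTE(review): Docker's default profile filters `clone` and `personality`
# by argument instead of refusing them outright. Listing them here is
# stricter; verify that workloads which create threads or processes still
# run under the resulting profile.
defaultDeny:
- acct
- add_key
- adjtimex
- bpf
- clock_adjtime
- clock_settime
- clone
- create_module
- delete_module
- finit_module
- get_kernel_syms
- get_mempolicy
- init_module
- ioperm
- iopl
- kcmp
- kexec_file_load
- kexec_load
- keyctl
- lookup_dcookie
- mbind
- mount
- move_pages
- name_to_handle_at
- nfsservctl
- open_by_handle_at
- perf_event_open
- personality
- pivot_root
- process_vm_readv
- process_vm_writev
- ptrace
- query_module
- quotactl
- reboot
- request_key
- set_mempolicy
- setns
- settimeofday
- stime
- swapon
- swapoff
- sysfs
- _sysctl
- umount
- umount2
- unshare
- uselib
- userfaultfd
- ustat
- vm86
# The original list repeated `vm86` here. Docker's blocked list pairs vm86
# with vm86old, so the duplicate is taken to be a typo that left vm86old
# uncovered.
- vm86old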