seccomp-tools 1.1.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +112 -30
  3. data/bin/seccomp-tools +1 -0
  4. data/ext/ptrace/extconf.rb +2 -0
  5. data/ext/ptrace/ptrace.c +107 -5
  6. data/lib/seccomp-tools.rb +5 -0
  7. data/lib/seccomp-tools/asm/asm.rb +5 -2
  8. data/lib/seccomp-tools/asm/compiler.rb +96 -18
  9. data/lib/seccomp-tools/asm/tokenizer.rb +25 -8
  10. data/lib/seccomp-tools/bpf.rb +7 -4
  11. data/lib/seccomp-tools/cli/asm.rb +16 -6
  12. data/lib/seccomp-tools/cli/base.rb +10 -4
  13. data/lib/seccomp-tools/cli/cli.rb +9 -6
  14. data/lib/seccomp-tools/cli/disasm.rb +6 -2
  15. data/lib/seccomp-tools/cli/dump.rb +37 -6
  16. data/lib/seccomp-tools/cli/emu.rb +41 -22
  17. data/lib/seccomp-tools/const.rb +47 -16
  18. data/lib/seccomp-tools/consts/sys_arg.rb +432 -0
  19. data/lib/seccomp-tools/consts/sys_nr/aarch64.rb +284 -0
  20. data/lib/seccomp-tools/consts/{amd64.rb → sys_nr/amd64.rb} +6 -1
  21. data/lib/seccomp-tools/consts/{i386.rb → sys_nr/i386.rb} +18 -15
  22. data/lib/seccomp-tools/disasm/context.rb +125 -34
  23. data/lib/seccomp-tools/disasm/disasm.rb +5 -2
  24. data/lib/seccomp-tools/dumper.rb +75 -8
  25. data/lib/seccomp-tools/emulator.rb +19 -8
  26. data/lib/seccomp-tools/instruction/alu.rb +7 -2
  27. data/lib/seccomp-tools/instruction/base.rb +5 -3
  28. data/lib/seccomp-tools/instruction/instruction.rb +2 -0
  29. data/lib/seccomp-tools/instruction/jmp.rb +28 -14
  30. data/lib/seccomp-tools/instruction/ld.rb +28 -12
  31. data/lib/seccomp-tools/instruction/ldx.rb +2 -0
  32. data/lib/seccomp-tools/instruction/misc.rb +2 -0
  33. data/lib/seccomp-tools/instruction/ret.rb +14 -2
  34. data/lib/seccomp-tools/instruction/st.rb +4 -2
  35. data/lib/seccomp-tools/instruction/stx.rb +2 -0
  36. data/lib/seccomp-tools/logger.rb +40 -0
  37. data/lib/seccomp-tools/syscall.rb +24 -13
  38. data/lib/seccomp-tools/templates/asm.amd64.asm +26 -0
  39. data/lib/seccomp-tools/templates/asm.c +17 -0
  40. data/lib/seccomp-tools/templates/asm.i386.asm +33 -0
  41. data/lib/seccomp-tools/util.rb +24 -3
  42. data/lib/seccomp-tools/version.rb +3 -1
  43. metadata +51 -44
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'seccomp-tools/cli/asm'
2
4
  require 'seccomp-tools/cli/disasm'
3
5
  require 'seccomp-tools/cli/dump'
@@ -9,9 +11,9 @@ module SeccompTools
9
11
  module CLI
10
12
  # Handled commands
11
13
  COMMANDS = {
12
- 'dump' => SeccompTools::CLI::Dump,
13
- 'disasm' => SeccompTools::CLI::Disasm,
14
14
  'asm' => SeccompTools::CLI::Asm,
15
+ 'disasm' => SeccompTools::CLI::Disasm,
16
+ 'dump' => SeccompTools::CLI::Dump,
15
17
  'emu' => SeccompTools::CLI::Emu
16
18
  }.freeze
17
19
 
@@ -23,19 +25,19 @@ List of commands:
23
25
 
24
26
  %COMMANDS
25
27
 
26
- See 'seccomp-tools --help <command>' to read about a specific subcommand.
28
+ See 'seccomp-tools <command> --help' to read about a specific subcommand.
27
29
  EOS
28
30
 
29
31
  module_function
30
32
 
31
- # Main work method for CLI.
33
+ # Main working method of CLI.
32
34
  # @param [Array<String>] argv
33
35
  # Command line arguments.
34
36
  # @return [void]
35
37
  # @example
36
- # work(argv: %w[--help])
38
+ # work(%w[--help])
37
39
  # #=> # usage message
38
- # work(argv: %w[--version])
40
+ # work(%w[--version])
39
41
  # #=> # version message
40
42
  def work(argv)
41
43
  # all -h equivalent to --help
@@ -51,6 +53,7 @@ EOS
51
53
  cmd = argv.shift
52
54
  argv = %w[--help] if preoption.include?('--help')
53
55
  return show(invalid(cmd)) if COMMANDS[cmd].nil?
56
+
54
57
  COMMANDS[cmd].new(argv).handle
55
58
  end
56
59
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'seccomp-tools/cli/base'
2
4
  require 'seccomp-tools/disasm/disasm'
3
5
 
@@ -6,9 +8,9 @@ module SeccompTools
6
8
  # Handle 'disasm' command.
7
9
  class Disasm < Base
8
10
  # Summary of this command.
9
- SUMMARY = 'Disassemble seccomp bpf.'.freeze
11
+ SUMMARY = 'Disassemble seccomp bpf.'
10
12
  # Usage of this command.
11
- USAGE = ('disasm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools disasm BPF_FILE [options]').freeze
13
+ USAGE = "disasm - #{SUMMARY}\n\nUsage: seccomp-tools disasm BPF_FILE [options]"
12
14
 
13
15
  # Define option parser.
14
16
  # @return [OptionParser]
@@ -27,8 +29,10 @@ module SeccompTools
27
29
  # @return [void]
28
30
  def handle
29
31
  return unless super
32
+
30
33
  option[:ifile] = argv.shift
31
34
  return CLI.show(parser.help) if option[:ifile].nil?
35
+
32
36
  output { SeccompTools::Disasm.disasm(input, arch: option[:arch]) }
33
37
  end
34
38
  end
@@ -1,20 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'shellwords'
4
+
1
5
  require 'seccomp-tools/cli/base'
2
6
  require 'seccomp-tools/disasm/disasm'
3
7
  require 'seccomp-tools/dumper'
8
+ require 'seccomp-tools/logger'
4
9
 
5
10
  module SeccompTools
6
11
  module CLI
7
12
  # Handle 'dump' command.
8
13
  class Dump < Base
9
14
  # Summary of this command.
10
- SUMMARY = 'Automatically dump seccomp bpf from execution file.'.freeze
15
+ SUMMARY = 'Automatically dump seccomp bpf from execution file(s).'
11
16
  # Usage of this command.
12
- USAGE = ('dump - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools dump [exec] [options]').freeze
17
+ USAGE = "dump - #{SUMMARY}\nNOTE : This function is only available on Linux." \
18
+ "\n\nUsage: seccomp-tools dump [exec] [options]"
13
19
 
14
20
  def initialize(*)
15
21
  super
16
22
  option[:format] = :disasm
17
23
  option[:limit] = 1
24
+ option[:pid] = nil
18
25
  end
19
26
 
20
27
  # Define option parser.
@@ -23,7 +30,8 @@ module SeccompTools
23
30
  @parser ||= OptionParser.new do |opt|
24
31
  opt.banner = usage
25
32
  opt.on('-c', '--sh-exec <command>', 'Executes the given command (via sh).',
26
- 'Use this option if want to pass arguments or do pipe things to the execution file.') do |command|
33
+ 'Use this option if want to pass arguments or do pipe things to the execution file.',
34
+ 'e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.') do |command|
27
35
  option[:command] = command
28
36
  end
29
37
 
@@ -45,21 +53,44 @@ module SeccompTools
45
53
  'For example, "--output out.bpf" and the output files are out.bpf, out_1.bpf, ...') do |o|
46
54
  option[:ofile] = o
47
55
  end
56
+
57
+ opt.on('-p', '--pid PID', 'Dump installed seccomp filters of the existing process.',
58
+ 'You must have CAP_SYS_ADMIN (e.g. be root) in order to use this option.',
59
+ Integer) do |p|
60
+ option[:pid] = p
61
+ end
48
62
  end
49
63
  end
50
64
 
51
65
  # Handle options.
52
66
  # @return [void]
53
67
  def handle
68
+ return Logger.error('Dump is only available on Linux.') unless Dumper::SUPPORTED
54
69
  return unless super
55
- option[:command] = argv.shift unless argv.empty?
56
- SeccompTools::Dumper.dump('/bin/sh', '-c', option[:command], limit: option[:limit]) do |bpf, arch|
70
+
71
+ block = lambda do |bpf, arch|
57
72
  case option[:format]
58
- when :inspect then output { '"' + bpf.bytes.map { |b| format('\\x%02X', b) }.join + "\"\n" }
73
+ when :inspect then output { "\"#{bpf.bytes.map { |b| format('\\x%02X', b) }.join}\"\n" }
59
74
  when :raw then output { bpf }
60
75
  when :disasm then output { SeccompTools::Disasm.disasm(bpf, arch: arch) }
61
76
  end
62
77
  end
78
+ if option[:pid].nil?
79
+ option[:command] = argv.shift unless argv.empty?
80
+ SeccompTools::Dumper.dump('/bin/sh', '-c', option[:command], limit: option[:limit], &block)
81
+ else
82
+ begin
83
+ SeccompTools::Dumper.dump_by_pid(option[:pid], option[:limit], &block)
84
+ rescue Errno::EPERM, Errno::EACCES => e
85
+ Logger.error(<<~EOS)
86
+ #{e}
87
+ PTRACE_SECCOMP_GET_FILTER requires CAP_SYS_ADMIN
88
+ Try:
89
+ sudo env "PATH=$PATH" #{(%w[seccomp-tools] + ARGV).shelljoin}
90
+ EOS
91
+ exit(1)
92
+ end
93
+ end
63
94
  end
64
95
  end
65
96
  end
@@ -1,6 +1,9 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'set'
2
4
 
3
5
  require 'seccomp-tools/cli/base'
6
+ require 'seccomp-tools/const'
4
7
  require 'seccomp-tools/disasm/disasm'
5
8
  require 'seccomp-tools/emulator'
6
9
  require 'seccomp-tools/util'
@@ -10,12 +13,9 @@ module SeccompTools
10
13
  # Handle 'emu' command.
11
14
  class Emu < Base
12
15
  # Summary of this command.
13
- SUMMARY = 'Emulate seccomp rules.'.freeze
16
+ SUMMARY = 'Emulate seccomp rules.'
14
17
  # Usage of this command.
15
- USAGE = ('emu - ' +
16
- SUMMARY +
17
- "\n\n" \
18
- 'Usage: seccomp-tools emu [options] BPF_FILE [sys_nr [arg0 [arg1 ... arg5]]]').freeze
18
+ USAGE = "emu - #{SUMMARY}\n\nUsage: seccomp-tools emu [options] BPF_FILE [sys_nr [arg0 [arg1 ... arg5]]]"
19
19
 
20
20
  def initialize(*)
21
21
  super
@@ -40,13 +40,14 @@ module SeccompTools
40
40
  # @return [void]
41
41
  def handle
42
42
  return unless super
43
+
43
44
  option[:ifile] = argv.shift
44
45
  return CLI.show(parser.help) if option[:ifile].nil?
46
+
45
47
  raw = input
46
48
  insts = SeccompTools::Disasm.to_bpf(raw, option[:arch]).map(&:inst)
47
- disasm = SeccompTools::Disasm.disasm(raw, arch: option[:arch])
48
49
  sys, *args = argv
49
- sys = Integer(sys) if sys
50
+ sys = evaluate_sys_nr(sys) if sys
50
51
  args.map! { |v| Integer(v) }
51
52
  trace = Set.new
52
53
  res = SeccompTools::Emulator.new(insts, sys_nr: sys, args: args, arch: option[:arch]).run do |ctx|
@@ -54,26 +55,44 @@ module SeccompTools
54
55
  end
55
56
 
56
57
  if option[:verbose] >= 1
57
- disasm = disasm.lines
58
- output { disasm.shift }
59
- output { disasm.shift }
60
- disasm.each_with_index do |line, idx|
61
- output do
62
- next line if trace.member?(idx)
63
- Util.colorize(line, t: :gray)
64
- end
65
- # Too much remain, omit them.
66
- rem = disasm.size - idx - 1
67
- break output { Util.colorize("... (omitting #{rem} lines)\n", t: :gray) } if rem > 3 && idx > res[:pc] + 4
68
- end
69
- output { "\n" }
58
+ disasm = SeccompTools::Disasm.disasm(raw, arch: option[:arch]).lines
59
+ output_emulate_path(disasm, trace, res)
70
60
  end
71
61
  output do
72
- ret_type = Const::BPF::ACTION.invert[res[:ret] & 0x7fff0000]
73
- errno = ret_type == :ERRNO ? "(#{res[:ret] & 0xffff})" : ''
62
+ ret_type = Const::BPF::ACTION.invert[res[:ret] & Const::BPF::SECCOMP_RET_ACTION_FULL]
63
+ errno = ret_type == :ERRNO ? "(#{res[:ret] & Const::BPF::SECCOMP_RET_DATA})" : ''
74
64
  format("return %s%s at line %04d\n", ret_type, errno, res[:pc])
75
65
  end
76
66
  end
67
+
68
+ private
69
+
70
+ # @param [String] str
71
+ # @return [Integer]
72
+ def evaluate_sys_nr(str)
73
+ consts = SeccompTools::Const::Syscall.const_get(option[:arch].to_s.upcase)
74
+ consts[str.to_sym] || Integer(str)
75
+ end
76
+
77
+ # output the path during emulation
78
+ # @param [Array<String>] disasm
79
+ # @param [Set] trace
80
+ # @param [{Symbol => Object}] result
81
+ def output_emulate_path(disasm, trace, result)
82
+ output { disasm.shift }
83
+ output { disasm.shift }
84
+ disasm.each_with_index do |line, idx|
85
+ output do
86
+ next line if trace.member?(idx)
87
+
88
+ Util.colorize(line, t: :gray)
89
+ end
90
+ # Too much remain, omit them.
91
+ rem = disasm.size - idx - 1
92
+ break output { Util.colorize("... (omitting #{rem} lines)\n", t: :gray) } if rem > 3 && idx > result[:pc] + 4
93
+ end
94
+ output { "\n" }
95
+ end
77
96
  end
78
97
  end
79
98
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module SeccompTools
2
4
  # Define constant values.
3
5
  module Const
@@ -12,24 +14,34 @@ module SeccompTools
12
14
  # filter mode
13
15
  SECCOMP_MODE_FILTER = 2
14
16
 
17
+ # For syscall +seccomp+
18
+ SECCOMP_SET_MODE_FILTER = 1
19
+
20
+ # Masks for the return value sections.
21
+
22
+ # mask of return action
23
+ SECCOMP_RET_ACTION_FULL = 0xffff0000
24
+ # mask of return data
25
+ SECCOMP_RET_DATA = 0x0000ffff
26
+
15
27
  # bpf command classes
16
28
  COMMAND = {
17
- ld: 0x0,
18
- ldx: 0x1,
19
- st: 0x2,
20
- stx: 0x3,
21
- alu: 0x4,
22
- jmp: 0x5,
23
- ret: 0x6,
29
+ ld: 0x0,
30
+ ldx: 0x1,
31
+ st: 0x2,
32
+ stx: 0x3,
33
+ alu: 0x4,
34
+ jmp: 0x5,
35
+ ret: 0x6,
24
36
  misc: 0x7
25
37
  }.freeze
26
38
 
27
39
  # types in jmp command
28
40
  JMP = {
29
- ja: 0x00,
30
- jeq: 0x10,
31
- jgt: 0x20,
32
- jge: 0x30,
41
+ ja: 0x00,
42
+ jeq: 0x10,
43
+ jgt: 0x20,
44
+ jge: 0x30,
33
45
  jset: 0x40
34
46
  }.freeze
35
47
 
@@ -42,9 +54,13 @@ module SeccompTools
42
54
 
43
55
  # seccomp action values
44
56
  ACTION = {
45
- KILL: 0x00000000,
46
- TRAP: 0x00030000,
57
+ KILL_PROCESS: 0x80000000,
58
+ KILL_THREAD: 0x00000000,
59
+ KILL: 0x00000000, # alias of KILL_THREAD
60
+ TRAP: 0x00030000,
47
61
  ERRNO: 0x00050000,
62
+ USER_NOTIF: 0x7fc00000,
63
+ LOG: 0x7ffc0000,
48
64
  TRACE: 0x7ff00000,
49
65
  ALLOW: 0x7fff0000
50
66
  }.freeze
@@ -65,7 +81,7 @@ module SeccompTools
65
81
  sub: 0x10,
66
82
  mul: 0x20,
67
83
  div: 0x30,
68
- or: 0x40,
84
+ or: 0x40,
69
85
  and: 0x50,
70
86
  lsh: 0x60,
71
87
  rsh: 0x70,
@@ -101,18 +117,33 @@ module SeccompTools
101
117
  # @return [Object]
102
118
  def load_const(cons)
103
119
  arch = cons.to_s.downcase
104
- filename = File.join(__dir__, 'consts', "#{arch}.rb")
120
+ filename = File.join(__dir__, 'consts', 'sys_nr', "#{arch}.rb")
105
121
  return unless File.exist?(filename)
122
+
106
123
  const_set(cons, instance_eval(IO.read(filename)))
107
124
  end
125
+
126
+ def load_args
127
+ hash = instance_eval(IO.read(File.join(__dir__, 'consts', 'sys_arg.rb')))
128
+ Hash.new do |_h, k|
129
+ next hash[k] if hash[k]
130
+ next hash[k.to_s[4..-1].to_sym] if k.to_s.start_with?('x32_')
131
+
132
+ nil
133
+ end
134
+ end
108
135
  end
109
136
 
137
+ # The argument names of all syscalls.
138
+ SYS_ARG = Syscall.load_args.freeze
139
+
110
140
  # Constants from https://github.com/torvalds/linux/blob/master/include/uapi/linux/audit.h.
111
141
  module Audit
112
142
  # AUDIT_ARCH_*
113
143
  ARCH = {
114
144
  'ARCH_X86_64' => 0xc000003e,
115
- 'ARCH_I386' => 0x40000003
145
+ 'ARCH_I386' => 0x40000003,
146
+ 'ARCH_AARCH64' => 0xc00000b7
116
147
  }.freeze
117
148
  end
118
149
  end
@@ -0,0 +1,432 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Generated by `bundle exec rake sys_arg`
4
+
5
+ {
6
+ io_setup: %w[nr_reqs ctx],
7
+ io_destroy: %w[ctx],
8
+ io_cancel: %w[ctx_id iocb result],
9
+ io_getevents: %w[ctx_id min_nr nr events timeout],
10
+ io_getevents_time32: %w[ctx_id min_nr nr events timeout],
11
+ io_pgetevents: %w[ctx_id min_nr nr events timeout sig],
12
+ io_pgetevents_time32: %w[ctx_id min_nr nr events timeout sig],
13
+ io_uring_setup: %w[entries p],
14
+ io_uring_enter: %w[fd to_submit min_complete flags sig sigsz],
15
+ io_uring_register: %w[fd op arg nr_args],
16
+ setxattr: %w[path name value size flags],
17
+ lsetxattr: %w[path name value size flags],
18
+ fsetxattr: %w[fd name value size flags],
19
+ getxattr: %w[path name value size],
20
+ lgetxattr: %w[path name value size],
21
+ fgetxattr: %w[fd name value size],
22
+ listxattr: %w[path list size],
23
+ llistxattr: %w[path list size],
24
+ flistxattr: %w[fd list size],
25
+ removexattr: %w[path name],
26
+ lremovexattr: %w[path name],
27
+ fremovexattr: %w[fd name],
28
+ getcwd: %w[buf size],
29
+ lookup_dcookie: %w[cookie64 buf len],
30
+ eventfd2: %w[count flags],
31
+ epoll_create1: %w[flags],
32
+ epoll_ctl: %w[epfd op fd event],
33
+ epoll_pwait: %w[epfd events maxevents timeout sigmask sigsetsize],
34
+ dup: %w[fildes],
35
+ dup3: %w[oldfd newfd flags],
36
+ fcntl: %w[fd cmd arg],
37
+ fcntl64: %w[fd cmd arg],
38
+ inotify_init1: %w[flags],
39
+ inotify_add_watch: %w[fd path mask],
40
+ inotify_rm_watch: %w[fd wd],
41
+ ioctl: %w[fd cmd arg],
42
+ ioprio_set: %w[which who ioprio],
43
+ ioprio_get: %w[which who],
44
+ flock: %w[fd cmd],
45
+ mknodat: %w[dfd filename mode dev],
46
+ mkdirat: %w[dfd pathname mode],
47
+ unlinkat: %w[dfd pathname flag],
48
+ symlinkat: %w[oldname newdfd newname],
49
+ linkat: %w[olddfd oldname newdfd newname flags],
50
+ renameat: %w[olddfd oldname newdfd newname],
51
+ umount: %w[name flags],
52
+ mount: %w[dev_name dir_name type flags data],
53
+ pivot_root: %w[new_root put_old],
54
+ statfs: %w[path buf],
55
+ statfs64: %w[path sz buf],
56
+ fstatfs: %w[fd buf],
57
+ fstatfs64: %w[fd sz buf],
58
+ truncate: %w[path length],
59
+ ftruncate: %w[fd length],
60
+ truncate64: %w[path length],
61
+ ftruncate64: %w[fd length],
62
+ fallocate: %w[fd mode offset len],
63
+ faccessat: %w[dfd filename mode],
64
+ chdir: %w[filename],
65
+ fchdir: %w[fd],
66
+ chroot: %w[filename],
67
+ fchmod: %w[fd mode],
68
+ fchmodat: %w[dfd filename mode],
69
+ fchownat: %w[dfd filename user group flag],
70
+ fchown: %w[fd user group],
71
+ openat: %w[dfd filename flags mode],
72
+ close: %w[fd],
73
+ vhangup: %w[],
74
+ pipe2: %w[fildes flags],
75
+ quotactl: %w[cmd special id addr],
76
+ getdents64: %w[fd dirent count],
77
+ llseek: %w[fd offset_high offset_low result whence],
78
+ lseek: %w[fd offset whence],
79
+ read: %w[fd buf count],
80
+ write: %w[fd buf count],
81
+ readv: %w[fd vec vlen],
82
+ writev: %w[fd vec vlen],
83
+ pread64: %w[fd buf count pos],
84
+ pwrite64: %w[fd buf count pos],
85
+ preadv: %w[fd vec vlen pos_l pos_h],
86
+ pwritev: %w[fd vec vlen pos_l pos_h],
87
+ sendfile64: %w[out_fd in_fd offset count],
88
+ signalfd4: %w[ufd user_mask sizemask flags],
89
+ vmsplice: %w[fd iov nr_segs flags],
90
+ splice: %w[fd_in off_in fd_out off_out len flags],
91
+ tee: %w[fdin fdout len flags],
92
+ readlinkat: %w[dfd path buf bufsiz],
93
+ newfstatat: %w[dfd filename statbuf flag],
94
+ newfstat: %w[fd statbuf],
95
+ fstat64: %w[fd statbuf],
96
+ fstatat64: %w[dfd filename statbuf flag],
97
+ sync: %w[],
98
+ fsync: %w[fd],
99
+ fdatasync: %w[fd],
100
+ sync_file_range2: %w[fd flags offset nbytes],
101
+ sync_file_range: %w[fd offset nbytes flags],
102
+ timerfd_create: %w[clockid flags],
103
+ timerfd_settime: %w[ufd flags utmr otmr],
104
+ timerfd_gettime: %w[ufd otmr],
105
+ timerfd_gettime32: %w[ufd otmr],
106
+ timerfd_settime32: %w[ufd flags utmr otmr],
107
+ utimensat: %w[dfd filename utimes flags],
108
+ utimensat_time32: %w[dfd filename t flags],
109
+ acct: %w[name],
110
+ capget: %w[header dataptr],
111
+ capset: %w[header data],
112
+ personality: %w[personality],
113
+ exit: %w[error_code],
114
+ exit_group: %w[error_code],
115
+ waitid: %w[which pid infop options ru],
116
+ set_tid_address: %w[tidptr],
117
+ unshare: %w[unshare_flags],
118
+ futex: %w[uaddr op val utime uaddr2 val3],
119
+ futex_time32: %w[uaddr op val utime uaddr2 val3],
120
+ get_robust_list: %w[pid head_ptr len_ptr],
121
+ set_robust_list: %w[head len],
122
+ nanosleep: %w[rqtp rmtp],
123
+ nanosleep_time32: %w[rqtp rmtp],
124
+ getitimer: %w[which value],
125
+ setitimer: %w[which value ovalue],
126
+ kexec_load: %w[entry nr_segments segments flags],
127
+ init_module: %w[umod len uargs],
128
+ delete_module: %w[name_user flags],
129
+ timer_create: %w[which_clock timer_event_spec created_timer_id],
130
+ timer_gettime: %w[timer_id setting],
131
+ timer_getoverrun: %w[timer_id],
132
+ timer_settime: %w[timer_id flags new_setting old_setting],
133
+ timer_delete: %w[timer_id],
134
+ clock_settime: %w[which_clock tp],
135
+ clock_gettime: %w[which_clock tp],
136
+ clock_getres: %w[which_clock tp],
137
+ clock_nanosleep: %w[which_clock flags rqtp rmtp],
138
+ timer_gettime32: %w[timer_id setting],
139
+ timer_settime32: %w[timer_id flags new old],
140
+ clock_settime32: %w[which_clock tp],
141
+ clock_gettime32: %w[which_clock tp],
142
+ clock_getres_time32: %w[which_clock tp],
143
+ clock_nanosleep_time32: %w[which_clock flags rqtp rmtp],
144
+ syslog: %w[type buf len],
145
+ ptrace: %w[request pid addr data],
146
+ sched_setparam: %w[pid param],
147
+ sched_setscheduler: %w[pid policy param],
148
+ sched_getscheduler: %w[pid],
149
+ sched_getparam: %w[pid param],
150
+ sched_setaffinity: %w[pid len user_mask_ptr],
151
+ sched_getaffinity: %w[pid len user_mask_ptr],
152
+ sched_yield: %w[],
153
+ sched_get_priority_max: %w[policy],
154
+ sched_get_priority_min: %w[policy],
155
+ sched_rr_get_interval: %w[pid interval],
156
+ sched_rr_get_interval_time32: %w[pid interval],
157
+ restart_syscall: %w[],
158
+ kill: %w[pid sig],
159
+ tkill: %w[pid sig],
160
+ tgkill: %w[tgid pid sig],
161
+ sigaltstack: %w[uss uoss],
162
+ rt_sigsuspend: %w[unewset sigsetsize],
163
+ rt_sigprocmask: %w[how set oset sigsetsize],
164
+ rt_sigpending: %w[set sigsetsize],
165
+ rt_sigtimedwait: %w[uthese uinfo uts sigsetsize],
166
+ rt_sigtimedwait_time32: %w[uthese uinfo uts sigsetsize],
167
+ rt_sigqueueinfo: %w[pid sig uinfo],
168
+ setpriority: %w[which who niceval],
169
+ getpriority: %w[which who],
170
+ reboot: %w[magic1 magic2 cmd arg],
171
+ setregid: %w[rgid egid],
172
+ setgid: %w[gid],
173
+ setreuid: %w[ruid euid],
174
+ setuid: %w[uid],
175
+ setresuid: %w[ruid euid suid],
176
+ getresuid: %w[ruid euid suid],
177
+ setresgid: %w[rgid egid sgid],
178
+ getresgid: %w[rgid egid sgid],
179
+ setfsuid: %w[uid],
180
+ setfsgid: %w[gid],
181
+ times: %w[tbuf],
182
+ setpgid: %w[pid pgid],
183
+ getpgid: %w[pid],
184
+ getsid: %w[pid],
185
+ setsid: %w[],
186
+ getgroups: %w[gidsetsize grouplist],
187
+ setgroups: %w[gidsetsize grouplist],
188
+ newuname: %w[name],
189
+ sethostname: %w[name len],
190
+ setdomainname: %w[name len],
191
+ getrlimit: %w[resource rlim],
192
+ setrlimit: %w[resource rlim],
193
+ getrusage: %w[who ru],
194
+ umask: %w[mask],
195
+ prctl: %w[option arg2 arg3 arg4 arg5],
196
+ getcpu: %w[cpu node cache],
197
+ gettimeofday: %w[tv tz],
198
+ settimeofday: %w[tv tz],
199
+ adjtimex: %w[txc_p],
200
+ adjtimex_time32: %w[txc_p],
201
+ getpid: %w[],
202
+ getppid: %w[],
203
+ getuid: %w[],
204
+ geteuid: %w[],
205
+ getgid: %w[],
206
+ getegid: %w[],
207
+ gettid: %w[],
208
+ sysinfo: %w[info],
209
+ mq_open: %w[name oflag mode attr],
210
+ mq_unlink: %w[name],
211
+ mq_timedsend: %w[mqdes msg_ptr msg_len msg_prio abs_timeout],
212
+ mq_timedreceive: %w[mqdes msg_ptr msg_len msg_prio abs_timeout],
213
+ mq_notify: %w[mqdes notification],
214
+ mq_getsetattr: %w[mqdes mqstat omqstat],
215
+ mq_timedreceive_time32: %w[mqdes u_msg_ptr msg_len u_msg_prio u_abs_timeout],
216
+ mq_timedsend_time32: %w[mqdes u_msg_ptr msg_len msg_prio u_abs_timeout],
217
+ msgget: %w[key msgflg],
218
+ old_msgctl: %w[msqid cmd buf],
219
+ msgctl: %w[msqid cmd buf],
220
+ msgrcv: %w[msqid msgp msgsz msgtyp msgflg],
221
+ msgsnd: %w[msqid msgp msgsz msgflg],
222
+ semget: %w[key nsems semflg],
223
+ semctl: %w[semid semnum cmd arg],
224
+ old_semctl: %w[semid semnum cmd arg],
225
+ semtimedop: %w[semid sops nsops timeout],
226
+ semtimedop_time32: %w[semid sops nsops timeout],
227
+ semop: %w[semid sops nsops],
228
+ shmget: %w[key size flag],
229
+ old_shmctl: %w[shmid cmd buf],
230
+ shmctl: %w[shmid cmd buf],
231
+ shmat: %w[shmid shmaddr shmflg],
232
+ shmdt: %w[shmaddr],
233
+ setsockopt: %w[fd level optname optval optlen],
234
+ getsockopt: %w[fd level optname optval optlen],
235
+ sendmsg: %w[fd msg flags],
236
+ recvmsg: %w[fd msg flags],
237
+ readahead: %w[fd offset count],
238
+ brk: %w[brk],
239
+ munmap: %w[addr len],
240
+ mremap: %w[addr old_len new_len flags new_addr],
241
+ add_key: %w[_type _description _payload plen destringid],
242
+ request_key: %w[_type _description _callout_info destringid],
243
+ keyctl: %w[cmd arg2 arg3 arg4 arg5],
244
+ execve: %w[filename argv envp],
245
+ fadvise64_64: %w[fd offset len advice],
246
+ swapon: %w[specialfile swap_flags],
247
+ swapoff: %w[specialfile],
248
+ mprotect: %w[start len prot],
249
+ msync: %w[start len flags],
250
+ mlock: %w[start len],
251
+ munlock: %w[start len],
252
+ mlockall: %w[flags],
253
+ munlockall: %w[],
254
+ mincore: %w[start len vec],
255
+ madvise: %w[start len behavior],
256
+ remap_file_pages: %w[start size prot pgoff flags],
257
+ mbind: %w[start len mode nmask maxnode flags],
258
+ get_mempolicy: %w[policy nmask maxnode addr flags],
259
+ set_mempolicy: %w[mode nmask maxnode],
260
+ migrate_pages: %w[pid maxnode from to],
261
+ move_pages: %w[pid nr_pages pages nodes status flags],
262
+ rt_tgsigqueueinfo: %w[tgid pid sig uinfo],
263
+ perf_event_open: %w[attr_uptr pid cpu group_fd flags],
264
+ recvmmsg: %w[fd msg vlen flags timeout],
265
+ recvmmsg_time32: %w[fd msg vlen flags timeout],
266
+ wait4: %w[pid stat_addr options ru],
267
+ prlimit64: %w[pid resource new_rlim old_rlim],
268
+ fanotify_init: %w[flags event_f_flags],
269
+ fanotify_mark: %w[fanotify_fd flags mask fd pathname],
270
+ name_to_handle_at: %w[dfd name handle mnt_id flag],
271
+ open_by_handle_at: %w[mountdirfd handle flags],
272
+ clock_adjtime: %w[which_clock tx],
273
+ clock_adjtime32: %w[which_clock tx],
274
+ syncfs: %w[fd],
275
+ setns: %w[fd nstype],
276
+ sendmmsg: %w[fd msg vlen flags],
277
+ process_vm_readv: %w[pid lvec liovcnt rvec riovcnt flags],
278
+ process_vm_writev: %w[pid lvec liovcnt rvec riovcnt flags],
279
+ kcmp: %w[pid1 pid2 type idx1 idx2],
280
+ finit_module: %w[fd uargs flags],
281
+ sched_setattr: %w[pid attr flags],
282
+ sched_getattr: %w[pid attr size flags],
283
+ renameat2: %w[olddfd oldname newdfd newname flags],
284
+ seccomp: %w[op flags uargs],
285
+ getrandom: %w[buf count flags],
286
+ memfd_create: %w[uname_ptr flags],
287
+ bpf: %w[cmd attr size],
288
+ execveat: %w[dfd filename argv envp flags],
289
+ userfaultfd: %w[flags],
290
+ membarrier: %w[cmd flags],
291
+ mlock2: %w[start len flags],
292
+ copy_file_range: %w[fd_in off_in fd_out off_out len flags],
293
+ preadv2: %w[fd vec vlen pos_l pos_h flags],
294
+ pwritev2: %w[fd vec vlen pos_l pos_h flags],
295
+ pkey_mprotect: %w[start len prot pkey],
296
+ pkey_alloc: %w[flags init_val],
297
+ pkey_free: %w[pkey],
298
+ statx: %w[dfd path flags mask buffer],
299
+ rseq: %w[rseq rseq_len flags sig],
300
+ open_tree: %w[dfd path flags],
301
+ move_mount: %w[from_dfd from_path to_dfd to_path ms_flags],
302
+ fsopen: %w[fs_name flags],
303
+ fsconfig: %w[fs_fd cmd key value aux],
304
+ fsmount: %w[fs_fd flags ms_flags],
305
+ fspick: %w[dfd path flags],
306
+ pidfd_send_signal: %w[pidfd sig info flags],
307
+ ioperm: %w[from num on],
308
+ pciconfig_read: %w[bus dfn off len buf],
309
+ pciconfig_write: %w[bus dfn off len buf],
310
+ pciconfig_iobase: %w[which bus devfn],
311
+ spu_run: %w[fd unpc ustatus],
312
+ spu_create: %w[name flags mode fd],
313
+ open: %w[filename flags mode],
314
+ link: %w[oldname newname],
315
+ unlink: %w[pathname],
316
+ mknod: %w[filename mode dev],
317
+ chmod: %w[filename mode],
318
+ chown: %w[filename user group],
319
+ mkdir: %w[pathname mode],
320
+ rmdir: %w[pathname],
321
+ lchown: %w[filename user group],
322
+ access: %w[filename mode],
323
+ rename: %w[oldname newname],
324
+ symlink: %w[old new],
325
+ stat64: %w[filename statbuf],
326
+ lstat64: %w[filename statbuf],
327
+ pipe: %w[fildes],
328
+ dup2: %w[oldfd newfd],
329
+ epoll_create: %w[size],
330
+ inotify_init: %w[],
331
+ eventfd: %w[count],
332
+ signalfd: %w[ufd user_mask sizemask],
333
+ sendfile: %w[out_fd in_fd offset count],
334
+ newstat: %w[filename statbuf],
335
+ newlstat: %w[filename statbuf],
336
+ fadvise64: %w[fd offset len advice],
337
+ alarm: %w[seconds],
338
+ getpgrp: %w[],
339
+ pause: %w[],
340
+ time: %w[tloc],
341
+ time32: %w[tloc],
342
+ utime: %w[filename times],
343
+ utimes: %w[filename utimes],
344
+ futimesat: %w[dfd filename utimes],
345
+ futimesat_time32: %w[dfd filename t],
346
+ utime32: %w[filename t],
347
+ utimes_time32: %w[filename t],
348
+ creat: %w[pathname mode],
349
+ getdents: %w[fd dirent count],
350
+ select: %w[n inp outp exp tvp],
351
+ poll: %w[ufds nfds timeout],
352
+ epoll_wait: %w[epfd events maxevents timeout],
353
+ ustat: %w[dev ubuf],
354
+ vfork: %w[],
355
+ bdflush: %w[func data],
356
+ oldumount: %w[name],
357
+ uselib: %w[library],
358
+ sysctl: %w[args],
359
+ sysfs: %w[option arg1 arg2],
360
+ fork: %w[],
361
+ stime: %w[tptr],
362
+ stime32: %w[tptr],
363
+ sigpending: %w[uset],
364
+ sigprocmask: %w[how set oset],
365
+ sgetmask: %w[],
366
+ ssetmask: %w[newmask],
367
+ signal: %w[sig handler],
368
+ nice: %w[increment],
369
+ kexec_file_load: %w[kernel_fd initrd_fd cmdline_len cmdline_ptr flags],
370
+ waitpid: %w[pid stat_addr options],
371
+ chown16: %w[filename user group],
372
+ lchown16: %w[filename user group],
373
+ fchown16: %w[fd user group],
374
+ setregid16: %w[rgid egid],
375
+ setgid16: %w[gid],
376
+ setreuid16: %w[ruid euid],
377
+ setuid16: %w[uid],
378
+ setresuid16: %w[ruid euid suid],
379
+ getresuid16: %w[ruid euid suid],
380
+ setresgid16: %w[rgid egid sgid],
381
+ getresgid16: %w[rgid egid sgid],
382
+ setfsuid16: %w[uid],
383
+ setfsgid16: %w[gid],
384
+ getgroups16: %w[gidsetsize grouplist],
385
+ setgroups16: %w[gidsetsize grouplist],
386
+ getuid16: %w[],
387
+ geteuid16: %w[],
388
+ getgid16: %w[],
389
+ getegid16: %w[],
390
+ socketcall: %w[call args],
391
+ stat: %w[filename statbuf],
392
+ lstat: %w[filename statbuf],
393
+ fstat: %w[fd statbuf],
394
+ readlink: %w[path buf bufsiz],
395
+ old_select: %w[arg],
396
+ gethostname: %w[name len],
397
+ old_getrlimit: %w[resource rlim],
398
+ ipc: %w[call first second third ptr fifth],
399
+ mmap_pgoff: %w[addr len prot flags fd pgoff],
400
+ old_mmap: %w[arg],
401
+ ni_syscall: %w[],
402
+ io_submit: %w[ctx_id nr iocbpp],
403
+ pselect6: %w[n inp outp exp tsp sig],
404
+ pselect6_time32: %w[n inp outp exp tsp sig],
405
+ ppoll: %w[ufds nfds tsp sigmask sigsetsize],
406
+ ppoll_time32: %w[ufds nfds tsp sigmask sigsetsize],
407
+ rt_sigaction: %w[sig act oact sigsetsize],
408
+ socket: %w[family type protocol],
409
+ socketpair: %w[family type protocol usockvec],
410
+ bind: %w[fd umyaddr addrlen],
411
+ listen: %w[fd backlog],
412
+ accept: %w[fd upeer_sockaddr upeer_addrlen],
413
+ connect: %w[fd uservaddr addrlen],
414
+ getsockname: %w[fd usockaddr usockaddr_len],
415
+ getpeername: %w[fd usockaddr usockaddr_len],
416
+ sendto: %w[fd buff len flags addr addrlen],
417
+ recvfrom: %w[fd ubuf len flags addr addrlen],
418
+ shutdown: %w[fd how],
419
+ clone: %w[clone_flags newsp parent_tidptr child_tidptr tls],
420
+ accept4: %w[fd upeer_sockaddr upeer_addrlen flags],
421
+ recv: %w[fd ubuf len flags],
422
+ send: %w[fd buff len flags],
423
+ sigaction: %w[sig act oact],
424
+ old_readdir: %w[fd dirent count],
425
+ uname: %w[name],
426
+ olduname: %w[name],
427
+ arch_prctl: %w[code addr],
428
+ mmap: %w[addr len prot flags fd pgoff],
429
+ _llseek: %w[fd offset_high offset_low result whence],
430
+ _sysctl: %w[args],
431
+ _newselect: %w[n inp outp exp tvp]
432
+ }