seccomp-tools 1.2.0 → 1.3.0

data/lib/seccomp-tools/bpf.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'set'
 require 'stringio'
 

data/lib/seccomp-tools/cli/asm.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/cli/base'
 require 'seccomp-tools/asm/asm'
 
@@ -6,7 +8,7 @@ module SeccompTools
     # Handle 'asm' command.
     class Asm < Base
       # Summary of this command.
-      SUMMARY = 'Seccomp bpf assembler.'.freeze
+      SUMMARY = 'Seccomp bpf assembler.'
       # Usage of this command.
       USAGE = ('asm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools asm IN_FILE [options]').freeze
 
@@ -24,8 +26,8 @@ module SeccompTools
             option[:ofile] = o
           end
 
-          opt.on('-f', '--format FORMAT', %i[inspect raw carray],
-                 'Output format. FORMAT can only be one of <inspect|raw|carray>.',
+          opt.on('-f', '--format FORMAT', %i[inspect raw c_array carray c_source assembly],
+                 'Output format. FORMAT can only be one of <inspect|raw|c_array|c_source|assembly>.',
                  'Default: inspect') do |f|
                    option[:format] = f
                  end
@@ -38,14 +40,22 @@ module SeccompTools
       # @return [void]
       def handle
         return unless super
+
         option[:ifile] = argv.shift
         return CLI.show(parser.help) if option[:ifile].nil?
+
         res = SeccompTools::Asm.asm(input, arch: option[:arch])
         output do
           case option[:format]
           when :inspect then res.inspect + "\n"
           when :raw then res
-          when :carray then "unsigned char bpf[] = {#{res.bytes.join(',')}};\n"
+          when :c_array, :carray then "unsigned char bpf[] = {#{res.bytes.join(',')}};\n"
+          when :c_source then SeccompTools::Util.template('asm.c').sub('<TO_BE_REPLACED>', res.bytes.join(','))
+          when :assembly then SeccompTools::Util.template("asm.#{option[:arch]}.asm")
+                                                .sub(
+                                                  '<TO_BE_REPLACED>',
+                                                  res.bytes.map { |b| format('\\\%03o', b) }.join
+                                                )
           end
         end
       end

data/lib/seccomp-tools/cli/base.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'optparse'
 
 require 'seccomp-tools/util'
@@ -26,7 +28,9 @@ module SeccompTools
       #   For decestors to check if need to continue.
       def handle
         return CLI.show(parser.help) if argv.empty? || %w[-h --help].any? { |h| argv.include?(h) }
+
         parser.parse!(argv)
+        option[:arch] ||= Util.system_arch
         true
       end
 
@@ -45,6 +49,7 @@ module SeccompTools
       def output
         # if file name not present, just output to stdout.
         return $stdout.write(yield) if option[:ofile].nil?
+
         # times of calling output
         @serial ||= 0
         # Write to file, we should disable colorize

data/lib/seccomp-tools/cli/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/cli/asm'
 require 'seccomp-tools/cli/disasm'
 require 'seccomp-tools/cli/dump'
@@ -28,14 +30,14 @@ EOS
 
     module_function
 
-    # Main work method for CLI.
+    # Main working method of CLI.
     # @param [Array<String>] argv
     #   Command line arguments.
     # @return [void]
     # @example
-    #   work(argv: %w[--help])
+    #   work(%w[--help])
     #   #=> # usage message
-    #   work(argv: %w[--version])
+    #   work(%w[--version])
     #   #=> # version message
     def work(argv)
       # all -h equivalent to --help
@@ -51,6 +53,7 @@ EOS
       cmd = argv.shift
       argv = %w[--help] if preoption.include?('--help')
       return show(invalid(cmd)) if COMMANDS[cmd].nil?
+
       COMMANDS[cmd].new(argv).handle
     end
 

data/lib/seccomp-tools/cli/disasm.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/cli/base'
 require 'seccomp-tools/disasm/disasm'
 
@@ -6,7 +8,7 @@ module SeccompTools
     # Handle 'disasm' command.
     class Disasm < Base
       # Summary of this command.
-      SUMMARY = 'Disassemble seccomp bpf.'.freeze
+      SUMMARY = 'Disassemble seccomp bpf.'
       # Usage of this command.
       USAGE = ('disasm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools disasm BPF_FILE [options]').freeze
 
@@ -27,8 +29,10 @@ module SeccompTools
       # @return [void]
       def handle
         return unless super
+
         option[:ifile] = argv.shift
         return CLI.show(parser.help) if option[:ifile].nil?
+
         output { SeccompTools::Disasm.disasm(input, arch: option[:arch]) }
       end
     end

data/lib/seccomp-tools/cli/dump.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'seccomp-tools/cli/base'
 require 'seccomp-tools/disasm/disasm'
 require 'seccomp-tools/dumper'
@@ -7,7 +9,7 @@ module SeccompTools
     # Handle 'dump' command.
     class Dump < Base
       # Summary of this command.
-      SUMMARY = 'Automatically dump seccomp bpf from execution file(s).'.freeze
+      SUMMARY = 'Automatically dump seccomp bpf from execution file(s).'
       # Usage of this command.
       USAGE = ('dump - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools dump [exec] [options]').freeze
 
@@ -53,6 +55,7 @@ module SeccompTools
       # @return [void]
       def handle
         return unless super
+
         option[:command] = argv.shift unless argv.empty?
         SeccompTools::Dumper.dump('/bin/sh', '-c', option[:command], limit: option[:limit]) do |bpf, arch|
           case option[:format]

data/lib/seccomp-tools/cli/emu.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 require 'set'
 
 require 'seccomp-tools/cli/base'
+require 'seccomp-tools/const'
 require 'seccomp-tools/disasm/disasm'
 require 'seccomp-tools/emulator'
 require 'seccomp-tools/util'
@@ -10,7 +13,7 @@ module SeccompTools
     # Handle 'emu' command.
     class Emu < Base
       # Summary of this command.
-      SUMMARY = 'Emulate seccomp rules.'.freeze
+      SUMMARY = 'Emulate seccomp rules.'
       # Usage of this command.
       USAGE = ('emu - ' +
                SUMMARY +
@@ -40,12 +43,14 @@ module SeccompTools
       # @return [void]
       def handle
         return unless super
+
         option[:ifile] = argv.shift
         return CLI.show(parser.help) if option[:ifile].nil?
+
         raw = input
         insts = SeccompTools::Disasm.to_bpf(raw, option[:arch]).map(&:inst)
         sys, *args = argv
-        sys = Integer(sys) if sys
+        sys = evaluate_sys_nr(sys) if sys
         args.map! { |v| Integer(v) }
         trace = Set.new
         res = SeccompTools::Emulator.new(insts, sys_nr: sys, args: args, arch: option[:arch]).run do |ctx|
@@ -65,6 +70,13 @@ module SeccompTools
 
       private
 
+      # @param [String] str
+      # @return [Integer]
+      def evaluate_sys_nr(str)
+        consts = SeccompTools::Const::Syscall.const_get(option[:arch].to_s.upcase)
+        consts[str.to_sym] || Integer(str)
+      end
+
       # output the path during emulation
       # @param [Array<String>] disasm
       # @param [Set] trace
@@ -75,6 +87,7 @@ module SeccompTools
         disasm.each_with_index do |line, idx|
           output do
             next line if trace.member?(idx)
+
             Util.colorize(line, t: :gray)
           end
           # Too much remain, omit them.

data/lib/seccomp-tools/const.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SeccompTools
   # Define constant values.
   module Const
@@ -24,22 +26,22 @@ module SeccompTools
 
       # bpf command classes
       COMMAND = {
-        ld:   0x0,
-        ldx:  0x1,
-        st:   0x2,
-        stx:  0x3,
-        alu:  0x4,
-        jmp:  0x5,
-        ret:  0x6,
+        ld: 0x0,
+        ldx: 0x1,
+        st: 0x2,
+        stx: 0x3,
+        alu: 0x4,
+        jmp: 0x5,
+        ret: 0x6,
         misc: 0x7
       }.freeze
 
       # types in jmp command
       JMP = {
-        ja:   0x00,
-        jeq:  0x10,
-        jgt:  0x20,
-        jge:  0x30,
+        ja: 0x00,
+        jeq: 0x10,
+        jgt: 0x20,
+        jge: 0x30,
         jset: 0x40
       }.freeze
 
@@ -53,12 +55,12 @@ module SeccompTools
       # seccomp action values
       ACTION = {
         KILL_PROCESS: 0x80000000,
-        KILL_THREAD:  0x00000000,
-        KILL:         0x00000000, # alias of KILL_THREAD
-        TRAP:         0x00030000,
-        ERRNO:        0x00050000,
-        TRACE:        0x7ff00000,
-        ALLOW:        0x7fff0000
+        KILL_THREAD: 0x00000000,
+        KILL: 0x00000000, # alias of KILL_THREAD
+        TRAP: 0x00030000,
+        ERRNO: 0x00050000,
+        TRACE: 0x7ff00000,
+        ALLOW: 0x7fff0000
       }.freeze
 
       # mode used in ld / ldx
@@ -77,7 +79,7 @@ module SeccompTools
         sub: 0x10,
         mul: 0x20,
         div: 0x30,
-        or:  0x40,
+        or: 0x40,
         and: 0x50,
         lsh: 0x60,
         rsh: 0x70,
@@ -113,12 +115,16 @@ module SeccompTools
       # @return [Object]
       def load_const(cons)
         arch = cons.to_s.downcase
-        filename = File.join(__dir__, 'consts', "#{arch}.rb")
+        filename = File.join(__dir__, 'consts', 'sys_nr', "#{arch}.rb")
         return unless File.exist?(filename)
+
         const_set(cons, instance_eval(IO.read(filename)))
       end
     end
 
+    # The argument names of all syscalls.
+    SYS_ARG = instance_eval(IO.read(File.join(__dir__, 'consts', 'sys_arg.rb'))).freeze
+
     # Constants from https://github.com/torvalds/linux/blob/master/include/uapi/linux/audit.h.
     module Audit
       # AUDIT_ARCH_*

data/lib/seccomp-tools/consts/sys_arg.rb

@@ -0,0 +1,432 @@
+# frozen_string_literal: true
+
+# Generated by `bundle exec rake sys_arg`
+
+{
+  io_setup: %w[nr_reqs ctx],
+  io_destroy: %w[ctx],
+  io_cancel: %w[ctx_id iocb result],
+  io_getevents: %w[ctx_id min_nr nr events timeout],
+  io_getevents_time32: %w[ctx_id min_nr nr events timeout],
+  io_pgetevents: %w[ctx_id min_nr nr events timeout sig],
+  io_pgetevents_time32: %w[ctx_id min_nr nr events timeout sig],
+  io_uring_setup: %w[entries p],
+  io_uring_enter: %w[fd to_submit min_complete flags sig sigsz],
+  io_uring_register: %w[fd op arg nr_args],
+  setxattr: %w[path name value size flags],
+  lsetxattr: %w[path name value size flags],
+  fsetxattr: %w[fd name value size flags],
+  getxattr: %w[path name value size],
+  lgetxattr: %w[path name value size],
+  fgetxattr: %w[fd name value size],
+  listxattr: %w[path list size],
+  llistxattr: %w[path list size],
+  flistxattr: %w[fd list size],
+  removexattr: %w[path name],
+  lremovexattr: %w[path name],
+  fremovexattr: %w[fd name],
+  getcwd: %w[buf size],
+  lookup_dcookie: %w[cookie64 buf len],
+  eventfd2: %w[count flags],
+  epoll_create1: %w[flags],
+  epoll_ctl: %w[epfd op fd event],
+  epoll_pwait: %w[epfd events maxevents timeout sigmask sigsetsize],
+  dup: %w[fildes],
+  dup3: %w[oldfd newfd flags],
+  fcntl: %w[fd cmd arg],
+  fcntl64: %w[fd cmd arg],
+  inotify_init1: %w[flags],
+  inotify_add_watch: %w[fd path mask],
+  inotify_rm_watch: %w[fd wd],
+  ioctl: %w[fd cmd arg],
+  ioprio_set: %w[which who ioprio],
+  ioprio_get: %w[which who],
+  flock: %w[fd cmd],
+  mknodat: %w[dfd filename mode dev],
+  mkdirat: %w[dfd pathname mode],
+  unlinkat: %w[dfd pathname flag],
+  symlinkat: %w[oldname newdfd newname],
+  linkat: %w[olddfd oldname newdfd newname flags],
+  renameat: %w[olddfd oldname newdfd newname],
+  umount: %w[name flags],
+  mount: %w[dev_name dir_name type flags data],
+  pivot_root: %w[new_root put_old],
+  statfs: %w[path buf],
+  statfs64: %w[path sz buf],
+  fstatfs: %w[fd buf],
+  fstatfs64: %w[fd sz buf],
+  truncate: %w[path length],
+  ftruncate: %w[fd length],
+  truncate64: %w[path length],
+  ftruncate64: %w[fd length],
+  fallocate: %w[fd mode offset len],
+  faccessat: %w[dfd filename mode],
+  chdir: %w[filename],
+  fchdir: %w[fd],
+  chroot: %w[filename],
+  fchmod: %w[fd mode],
+  fchmodat: %w[dfd filename mode],
+  fchownat: %w[dfd filename user group flag],
+  fchown: %w[fd user group],
+  openat: %w[dfd filename flags mode],
+  close: %w[fd],
+  vhangup: %w[],
+  pipe2: %w[fildes flags],
+  quotactl: %w[cmd special id addr],
+  getdents64: %w[fd dirent count],
+  llseek: %w[fd offset_high offset_low result whence],
+  lseek: %w[fd offset whence],
+  read: %w[fd buf count],
+  write: %w[fd buf count],
+  readv: %w[fd vec vlen],
+  writev: %w[fd vec vlen],
+  pread64: %w[fd buf count pos],
+  pwrite64: %w[fd buf count pos],
+  preadv: %w[fd vec vlen pos_l pos_h],
+  pwritev: %w[fd vec vlen pos_l pos_h],
+  sendfile64: %w[out_fd in_fd offset count],
+  signalfd4: %w[ufd user_mask sizemask flags],
+  vmsplice: %w[fd iov nr_segs flags],
+  splice: %w[fd_in off_in fd_out off_out len flags],
+  tee: %w[fdin fdout len flags],
+  readlinkat: %w[dfd path buf bufsiz],
+  newfstatat: %w[dfd filename statbuf flag],
+  newfstat: %w[fd statbuf],
+  fstat64: %w[fd statbuf],
+  fstatat64: %w[dfd filename statbuf flag],
+  sync: %w[],
+  fsync: %w[fd],
+  fdatasync: %w[fd],
+  sync_file_range2: %w[fd flags offset nbytes],
+  sync_file_range: %w[fd offset nbytes flags],
+  timerfd_create: %w[clockid flags],
+  timerfd_settime: %w[ufd flags utmr otmr],
+  timerfd_gettime: %w[ufd otmr],
+  timerfd_gettime32: %w[ufd otmr],
+  timerfd_settime32: %w[ufd flags utmr otmr],
+  utimensat: %w[dfd filename utimes flags],
+  utimensat_time32: %w[dfd filename t flags],
+  acct: %w[name],
+  capget: %w[header dataptr],
+  capset: %w[header data],
+  personality: %w[personality],
+  exit: %w[error_code],
+  exit_group: %w[error_code],
+  waitid: %w[which pid infop options ru],
+  set_tid_address: %w[tidptr],
+  unshare: %w[unshare_flags],
+  futex: %w[uaddr op val utime uaddr2 val3],
+  futex_time32: %w[uaddr op val utime uaddr2 val3],
+  get_robust_list: %w[pid head_ptr len_ptr],
+  set_robust_list: %w[head len],
+  nanosleep: %w[rqtp rmtp],
+  nanosleep_time32: %w[rqtp rmtp],
+  getitimer: %w[which value],
+  setitimer: %w[which value ovalue],
+  kexec_load: %w[entry nr_segments segments flags],
+  init_module: %w[umod len uargs],
+  delete_module: %w[name_user flags],
+  timer_create: %w[which_clock timer_event_spec created_timer_id],
+  timer_gettime: %w[timer_id setting],
+  timer_getoverrun: %w[timer_id],
+  timer_settime: %w[timer_id flags new_setting old_setting],
+  timer_delete: %w[timer_id],
+  clock_settime: %w[which_clock tp],
+  clock_gettime: %w[which_clock tp],
+  clock_getres: %w[which_clock tp],
+  clock_nanosleep: %w[which_clock flags rqtp rmtp],
+  timer_gettime32: %w[timer_id setting],
+  timer_settime32: %w[timer_id flags new old],
+  clock_settime32: %w[which_clock tp],
+  clock_gettime32: %w[which_clock tp],
+  clock_getres_time32: %w[which_clock tp],
+  clock_nanosleep_time32: %w[which_clock flags rqtp rmtp],
+  syslog: %w[type buf len],
+  ptrace: %w[request pid addr data],
+  sched_setparam: %w[pid param],
+  sched_setscheduler: %w[pid policy param],
+  sched_getscheduler: %w[pid],
+  sched_getparam: %w[pid param],
+  sched_setaffinity: %w[pid len user_mask_ptr],
+  sched_getaffinity: %w[pid len user_mask_ptr],
+  sched_yield: %w[],
+  sched_get_priority_max: %w[policy],
+  sched_get_priority_min: %w[policy],
+  sched_rr_get_interval: %w[pid interval],
+  sched_rr_get_interval_time32: %w[pid interval],
+  restart_syscall: %w[],
+  kill: %w[pid sig],
+  tkill: %w[pid sig],
+  tgkill: %w[tgid pid sig],
+  sigaltstack: %w[uss uoss],
+  rt_sigsuspend: %w[unewset sigsetsize],
+  rt_sigprocmask: %w[how set oset sigsetsize],
+  rt_sigpending: %w[set sigsetsize],
+  rt_sigtimedwait: %w[uthese uinfo uts sigsetsize],
+  rt_sigtimedwait_time32: %w[uthese uinfo uts sigsetsize],
+  rt_sigqueueinfo: %w[pid sig uinfo],
+  setpriority: %w[which who niceval],
+  getpriority: %w[which who],
+  reboot: %w[magic1 magic2 cmd arg],
+  setregid: %w[rgid egid],
+  setgid: %w[gid],
+  setreuid: %w[ruid euid],
+  setuid: %w[uid],
+  setresuid: %w[ruid euid suid],
+  getresuid: %w[ruid euid suid],
+  setresgid: %w[rgid egid sgid],
+  getresgid: %w[rgid egid sgid],
+  setfsuid: %w[uid],
+  setfsgid: %w[gid],
+  times: %w[tbuf],
+  setpgid: %w[pid pgid],
+  getpgid: %w[pid],
+  getsid: %w[pid],
+  setsid: %w[],
+  getgroups: %w[gidsetsize grouplist],
+  setgroups: %w[gidsetsize grouplist],
+  newuname: %w[name],
+  sethostname: %w[name len],
+  setdomainname: %w[name len],
+  getrlimit: %w[resource rlim],
+  setrlimit: %w[resource rlim],
+  getrusage: %w[who ru],
+  umask: %w[mask],
+  prctl: %w[option arg2 arg3 arg4 arg5],
+  getcpu: %w[cpu node cache],
+  gettimeofday: %w[tv tz],
+  settimeofday: %w[tv tz],
+  adjtimex: %w[txc_p],
+  adjtimex_time32: %w[txc_p],
+  getpid: %w[],
+  getppid: %w[],
+  getuid: %w[],
+  geteuid: %w[],
+  getgid: %w[],
+  getegid: %w[],
+  gettid: %w[],
+  sysinfo: %w[info],
+  mq_open: %w[name oflag mode attr],
+  mq_unlink: %w[name],
+  mq_timedsend: %w[mqdes msg_ptr msg_len msg_prio abs_timeout],
+  mq_timedreceive: %w[mqdes msg_ptr msg_len msg_prio abs_timeout],
+  mq_notify: %w[mqdes notification],
+  mq_getsetattr: %w[mqdes mqstat omqstat],
+  mq_timedreceive_time32: %w[mqdes u_msg_ptr msg_len u_msg_prio u_abs_timeout],
+  mq_timedsend_time32: %w[mqdes u_msg_ptr msg_len msg_prio u_abs_timeout],
+  msgget: %w[key msgflg],
+  old_msgctl: %w[msqid cmd buf],
+  msgctl: %w[msqid cmd buf],
+  msgrcv: %w[msqid msgp msgsz msgtyp msgflg],
+  msgsnd: %w[msqid msgp msgsz msgflg],
+  semget: %w[key nsems semflg],
+  semctl: %w[semid semnum cmd arg],
+  old_semctl: %w[semid semnum cmd arg],
+  semtimedop: %w[semid sops nsops timeout],
+  semtimedop_time32: %w[semid sops nsops timeout],
+  semop: %w[semid sops nsops],
+  shmget: %w[key size flag],
+  old_shmctl: %w[shmid cmd buf],
+  shmctl: %w[shmid cmd buf],
+  shmat: %w[shmid shmaddr shmflg],
+  shmdt: %w[shmaddr],
+  setsockopt: %w[fd level optname optval optlen],
+  getsockopt: %w[fd level optname optval optlen],
+  sendmsg: %w[fd msg flags],
+  recvmsg: %w[fd msg flags],
+  readahead: %w[fd offset count],
+  brk: %w[brk],
+  munmap: %w[addr len],
+  mremap: %w[addr old_len new_len flags new_addr],
+  add_key: %w[_type _description _payload plen destringid],
+  request_key: %w[_type _description _callout_info destringid],
+  keyctl: %w[cmd arg2 arg3 arg4 arg5],
+  execve: %w[filename argv envp],
+  fadvise64_64: %w[fd offset len advice],
+  swapon: %w[specialfile swap_flags],
+  swapoff: %w[specialfile],
+  mprotect: %w[start len prot],
+  msync: %w[start len flags],
+  mlock: %w[start len],
+  munlock: %w[start len],
+  mlockall: %w[flags],
+  munlockall: %w[],
+  mincore: %w[start len vec],
+  madvise: %w[start len behavior],
+  remap_file_pages: %w[start size prot pgoff flags],
+  mbind: %w[start len mode nmask maxnode flags],
+  get_mempolicy: %w[policy nmask maxnode addr flags],
+  set_mempolicy: %w[mode nmask maxnode],
+  migrate_pages: %w[pid maxnode from to],
+  move_pages: %w[pid nr_pages pages nodes status flags],
+  rt_tgsigqueueinfo: %w[tgid pid sig uinfo],
+  perf_event_open: %w[attr_uptr pid cpu group_fd flags],
+  recvmmsg: %w[fd msg vlen flags timeout],
+  recvmmsg_time32: %w[fd msg vlen flags timeout],
+  wait4: %w[pid stat_addr options ru],
+  prlimit64: %w[pid resource new_rlim old_rlim],
+  fanotify_init: %w[flags event_f_flags],
+  fanotify_mark: %w[fanotify_fd flags mask fd pathname],
+  name_to_handle_at: %w[dfd name handle mnt_id flag],
+  open_by_handle_at: %w[mountdirfd handle flags],
+  clock_adjtime: %w[which_clock tx],
+  clock_adjtime32: %w[which_clock tx],
+  syncfs: %w[fd],
+  setns: %w[fd nstype],
+  sendmmsg: %w[fd msg vlen flags],
+  process_vm_readv: %w[pid lvec liovcnt rvec riovcnt flags],
+  process_vm_writev: %w[pid lvec liovcnt rvec riovcnt flags],
+  kcmp: %w[pid1 pid2 type idx1 idx2],
+  finit_module: %w[fd uargs flags],
+  sched_setattr: %w[pid attr flags],
+  sched_getattr: %w[pid attr size flags],
+  renameat2: %w[olddfd oldname newdfd newname flags],
+  seccomp: %w[op flags uargs],
+  getrandom: %w[buf count flags],
+  memfd_create: %w[uname_ptr flags],
+  bpf: %w[cmd attr size],
+  execveat: %w[dfd filename argv envp flags],
+  userfaultfd: %w[flags],
+  membarrier: %w[cmd flags],
+  mlock2: %w[start len flags],
+  copy_file_range: %w[fd_in off_in fd_out off_out len flags],
+  preadv2: %w[fd vec vlen pos_l pos_h flags],
+  pwritev2: %w[fd vec vlen pos_l pos_h flags],
+  pkey_mprotect: %w[start len prot pkey],
+  pkey_alloc: %w[flags init_val],
+  pkey_free: %w[pkey],
+  statx: %w[dfd path flags mask buffer],
+  rseq: %w[rseq rseq_len flags sig],
+  open_tree: %w[dfd path flags],
+  move_mount: %w[from_dfd from_path to_dfd to_path ms_flags],
+  fsopen: %w[fs_name flags],
+  fsconfig: %w[fs_fd cmd key value aux],
+  fsmount: %w[fs_fd flags ms_flags],
+  fspick: %w[dfd path flags],
+  pidfd_send_signal: %w[pidfd sig info flags],
+  ioperm: %w[from num on],
+  pciconfig_read: %w[bus dfn off len buf],
+  pciconfig_write: %w[bus dfn off len buf],
+  pciconfig_iobase: %w[which bus devfn],
+  spu_run: %w[fd unpc ustatus],
+  spu_create: %w[name flags mode fd],
+  open: %w[filename flags mode],
+  link: %w[oldname newname],
+  unlink: %w[pathname],
+  mknod: %w[filename mode dev],
+  chmod: %w[filename mode],
+  chown: %w[filename user group],
+  mkdir: %w[pathname mode],
+  rmdir: %w[pathname],
+  lchown: %w[filename user group],
+  access: %w[filename mode],
+  rename: %w[oldname newname],
+  symlink: %w[old new],
+  stat64: %w[filename statbuf],
+  lstat64: %w[filename statbuf],
+  pipe: %w[fildes],
+  dup2: %w[oldfd newfd],
+  epoll_create: %w[size],
+  inotify_init: %w[],
+  eventfd: %w[count],
+  signalfd: %w[ufd user_mask sizemask],
+  sendfile: %w[out_fd in_fd offset count],
+  newstat: %w[filename statbuf],
+  newlstat: %w[filename statbuf],
+  fadvise64: %w[fd offset len advice],
+  alarm: %w[seconds],
+  getpgrp: %w[],
+  pause: %w[],
+  time: %w[tloc],
+  time32: %w[tloc],
+  utime: %w[filename times],
+  utimes: %w[filename utimes],
+  futimesat: %w[dfd filename utimes],
+  futimesat_time32: %w[dfd filename t],
+  utime32: %w[filename t],
+  utimes_time32: %w[filename t],
+  creat: %w[pathname mode],
+  getdents: %w[fd dirent count],
+  select: %w[n inp outp exp tvp],
+  poll: %w[ufds nfds timeout],
+  epoll_wait: %w[epfd events maxevents timeout],
+  ustat: %w[dev ubuf],
+  vfork: %w[],
+  bdflush: %w[func data],
+  oldumount: %w[name],
+  uselib: %w[library],
+  sysctl: %w[args],
+  sysfs: %w[option arg1 arg2],
+  fork: %w[],
+  stime: %w[tptr],
+  stime32: %w[tptr],
+  sigpending: %w[uset],
+  sigprocmask: %w[how set oset],
+  sgetmask: %w[],
+  ssetmask: %w[newmask],
+  signal: %w[sig handler],
+  nice: %w[increment],
+  kexec_file_load: %w[kernel_fd initrd_fd cmdline_len cmdline_ptr flags],
+  waitpid: %w[pid stat_addr options],
+  chown16: %w[filename user group],
+  lchown16: %w[filename user group],
+  fchown16: %w[fd user group],
+  setregid16: %w[rgid egid],
+  setgid16: %w[gid],
+  setreuid16: %w[ruid euid],
+  setuid16: %w[uid],
+  setresuid16: %w[ruid euid suid],
+  getresuid16: %w[ruid euid suid],
+  setresgid16: %w[rgid egid sgid],
+  getresgid16: %w[rgid egid sgid],
+  setfsuid16: %w[uid],
+  setfsgid16: %w[gid],
+  getgroups16: %w[gidsetsize grouplist],
+  setgroups16: %w[gidsetsize grouplist],
+  getuid16: %w[],
+  geteuid16: %w[],
+  getgid16: %w[],
+  getegid16: %w[],
+  socketcall: %w[call args],
+  stat: %w[filename statbuf],
+  lstat: %w[filename statbuf],
+  fstat: %w[fd statbuf],
+  readlink: %w[path buf bufsiz],
+  old_select: %w[arg],
+  gethostname: %w[name len],
+  old_getrlimit: %w[resource rlim],
+  ipc: %w[call first second third ptr fifth],
+  mmap_pgoff: %w[addr len prot flags fd pgoff],
+  old_mmap: %w[arg],
+  ni_syscall: %w[],
+  io_submit: %w[ctx_id nr iocbpp],
+  pselect6: %w[n inp outp exp tsp sig],
+  pselect6_time32: %w[n inp outp exp tsp sig],
+  ppoll: %w[ufds nfds tsp sigmask sigsetsize],
+  ppoll_time32: %w[ufds nfds tsp sigmask sigsetsize],
+  rt_sigaction: %w[sig act oact sigsetsize],
+  socket: %w[family type protocol],
+  socketpair: %w[family type protocol usockvec],
+  bind: %w[fd umyaddr addrlen],
+  listen: %w[fd backlog],
+  accept: %w[fd upeer_sockaddr upeer_addrlen],
+  connect: %w[fd uservaddr addrlen],
+  getsockname: %w[fd usockaddr usockaddr_len],
+  getpeername: %w[fd usockaddr usockaddr_len],
+  sendto: %w[fd buff len flags addr addrlen],
+  recvfrom: %w[fd ubuf len flags addr addrlen],
+  shutdown: %w[fd how],
+  clone: %w[clone_flags newsp parent_tidptr child_tidptr tls],
+  accept4: %w[fd upeer_sockaddr upeer_addrlen flags],
+  recv: %w[fd ubuf len flags],
+  send: %w[fd buff len flags],
+  sigaction: %w[sig act oact],
+  old_readdir: %w[fd dirent count],
+  uname: %w[name],
+  olduname: %w[name],
+  arch_prctl: %w[code addr],
+  mmap: %w[addr len prot flags fd pgoff],
+  _llseek: %w[fd offset_high offset_low result whence],
+  _sysctl: %w[args],
+  _newselect: %w[n inp outp exp tvp]
+}