25 lines
No EOL
514 B
JSON
25 lines
No EOL
514 B
JSON
{
|
|
"defaultAction": "SCMP_ACT_ALLOW",
|
|
"syscalls": [
|
|
{
|
|
"names": [
|
|
"keyctl",
|
|
"syslog",
|
|
"mknod",
|
|
"mknodat",
|
|
"pkey_mprotect",
|
|
"kexec_load",
|
|
"open_by_handle_at",
|
|
"init_module",
|
|
"finit_module",
|
|
"delete_module",
|
|
"bpf"
|
|
],
|
|
"action": "SCMP_ACT_ERRNO",
|
|
"args": [],
|
|
"comment": "Deny potentially risky syscalls that could impact system integrity",
|
|
"includes": {},
|
|
"excludes": {}
|
|
}
|
|
]
|
|
} |