$ diff -Naur /tmp/ucs /tmp/docker.sorted
--- /tmp/ucs 2015-04-24 09:41:08.551997217 -0500
+++ /tmp/docker.sorted 2015-04-24 09:43:09.765556404 -0500
@@ -3,15 +3,15 @@
access
alarm
arch_prctl
-arm_fadvise64_64
-arm_sync_file_range
bind
-breakpoint
brk
-cacheflush
capget
+capset
chdir
chmod
+chown
+chown32
+clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
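Review bot: The ARM-only entries removed in this hunk (`arm_fadvise64_64`, `arm_sync_file_range`, `breakpoint`, `cacheflush`) have no counterpart on the new side, and the same pattern appears with `set_tls` in the hunk starting at `@@ -220,14 +219,35 @@` and `usr26`/`usr32` in the last hunk, so docker.sorted appears to cover only x86 ABIs. If this list were applied as a seccomp whitelist on an ARM host, processes that use `cacheflush` and `set_tls` during normal startup would be blocked, which would surface as a confusing crash rather than a policy error. The architectures the list is meant for should be stated at the top of the file, or the ARM names kept behind an architecture condition so one list can serve both.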
@@ -19,22 +19,6 @@
close
connect
creat
-deny add_key
-deny create_module
-deny delete_module
-deny finit_module
-deny init_module
-deny kexec_load
-deny keyctl
-deny mknod
-deny mknodat
-deny mount
-deny name_to_handle_at
-deny open_by_handle_at
-deny ptrace
-deny request_key
-deny umount
-deny umount2
dup
dup2
dup3
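Review bot: The explicit `deny` entries dropped in this hunk have no counterpart on the new side, and two of them, `mknod` and `mknodat`, reappear as plain allowed entries in the hunk starting at `@@ -109,40 +95,56 @@`. If docker.sorted is a deny-by-default whitelist, the remaining denies (module loading, `kexec_load`, the keyring calls, `mount`/`umount*`, `ptrace`, the `*_by_handle_at` pair) are still blocked by absence, but that intent is no longer recorded anywhere in the list, so a later edit adding one of them would look like any other line. It would help to keep the intentionally blocked names as comments next to the list if the format allows it, and to confirm that allowing `mknod`/`mknodat` is backed by the container's capability and device-cgroup settings rather than by seccomp alone.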
@@ -48,16 +32,20 @@
eventfd
eventfd2
execve
-execveat
exit
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
+fanotify_init
+fanotify_mark
fchdir
fchmod
fchmodat
+fchown
+fchown32
+fchownat
fcntl
fcntl64
fdatasync
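Review bot: `execveat` is absent from the new side while `execve` stays allowed, and the same happens with `getrandom` (hunk `@@ -92,13 +78,13 @@`), `renameat2` (`@@ -189,7 +191,6 @@`) and `sched_getattr` (`@@ -201,13 +202,11 @@`); all four are syscalls introduced in recent kernels, which suggests docker.sorted predates them rather than excluding them deliberately. Blocking `execveat` gains nothing while `execve` is permitted, and the `getrandom` gap is the riskier one: depending on the profile's default action a caller may receive EPERM instead of ENOSYS, and some libraries only fall back to `/dev/urandom` on ENOSYS. The lines `execveat`, `getrandom`, `renameat2` and `sched_getattr` should be added, or the omission documented as intentional.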
@@ -72,9 +60,7 @@
fstatat64
fstatfs
fstatfs64
-fstatvfs
fsync
-ftime
ftruncate
ftruncate64
futex
@@ -92,13 +78,13 @@
getgroups
getgroups32
getitimer
+get_mempolicy
getpeername
getpgid
getpgrp
getpid
getppid
getpriority
-getrandom
getresgid
getresgid32
getresuid
@@ -109,40 +95,56 @@
getsid
getsockname
getsockopt
+get_thread_area
gettid
gettimeofday
getuid
getuid32
getxattr
+inotify_add_watch
+inotify_init
+inotify_init1
+inotify_rm_watch
io_cancel
ioctl
io_destroy
io_getevents
-ioprio_get
io_setup
io_submit
ipc
kill
+lchown
+lchown32
lgetxattr
link
linkat
listen
listxattr
llistxattr
+llseek
lremovexattr
lseek
lsetxattr
lstat
lstat64
madvise
+mbind
mincore
mkdir
mkdirat
+mknod
+mknodat
mlock
mlockall
mmap
mmap2
mprotect
+mq_getsetattr
+mq_notify
+mq_open
+mq_timedreceive
+mq_timedsend
+mq_unlink
mremap
msgctl
msgget
@@ -154,11 +156,13 @@
munmap
nanosleep
newfstatat
+nice
oldfstat
oldlstat
oldolduname
oldstat
olduname
+oldwait4
open
openat
pause
@@ -167,12 +171,10 @@
poll
ppoll
prctl
-pread
pread64
preadv
-pselect
+prlimit64
pselect6
-pwrite
pwrite64
pwritev
read
@@ -189,7 +191,6 @@
removexattr
rename
renameat
-renameat2
restart_syscall
rmdir
rt_sigaction
@@ -201,13 +202,11 @@
rt_sigtimedwait
rt_tgsigqueueinfo
sched_getaffinity
-sched_getattr
sched_getparam
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_rr_get_interval
-sched_setscheduler
sched_yield
select
semctl
@@ -220,14 +219,35 @@
sendmmsg
sendmsg
sendto
+setfsgid
+setfsgid32
+setfsuid
+setfsuid32
+setgid
+setgid32
+setgroups
+setgroups32
+sethostname
setitimer
+set_mempolicy
+setpgid
+setpriority
+setregid
+setregid32
+setresgid
+setresgid32
+setresuid
+setresuid32
+setreuid
+setreuid32
setrlimit
set_robust_list
setsid
setsockopt
set_thread_area
set_tid_address
-set_tls
+setuid
+setuid32
setxattr
shmat
shmctl
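Review bot: The run of credential-changing calls added in this hunk (`setuid`/`setgid` and their `32` variants, `setreuid`, `setresuid`, `setfsuid`, `setgroups`, plus `sethostname`) is allowed on the new side without any note on why, while the ucs list allows none of them. A daemon that starts as root and then drops privileges needs these, so the difference is probably deliberate, but once they pass the seccomp layer the only remaining control is the process capability set (CAP_SETUID/CAP_SETGID, and CAP_SYS_ADMIN for `sethostname`). A one-line comment above the group such as `# credential changes are governed by the capability bounding set, not by seccomp` would make that dependency explicit for the next reviewer.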
@@ -243,21 +263,20 @@
sigprocmask
sigreturn
sigsuspend
-sigtimedwait
-sigwaitinfo
socket
+socketcall
socketpair
splice
stat
stat64
statfs
statfs64
-statvfs
symlink
symlinkat
sync
sync_file_range
sync_file_range2
+syncfs
sysinfo
syslog
tee
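Review bot: `socketcall` is added on the new side as a single entry, and on 32-bit x86 it multiplexes every socket operation, so allowing it makes the separate `socket`, `bind`, `connect`, `listen` and `sendto` entries elsewhere in the list irrelevant on that ABI and removes any possibility of restricting a subset of them there; `ipc`, which both lists already allow, plays the same role for the SysV IPC calls. If the goal is to run i386 binaries this is unavoidable, but it deserves a note next to the entry, e.g. `# socketcall: i386 multiplexer, permits all socket operations`.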
@@ -280,15 +299,14 @@
uname
unlink
unlinkat
-usr26
-usr32
+ustat
utime
utimensat
utimes
vfork
vmsplice
-wait
wait4
waitid
waitpid
write
+writev