| @@ -314,6 +314,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { |
|
|
| 314 |
314 |
"io_pgetevents\0" |
| 315 |
315 |
"io_setup\0" |
| 316 |
316 |
"io_submit\0" |
|
317 |
+"io_uring_enter\0" |
|
318 |
+"io_uring_register\0" |
|
319 |
+"io_uring_setup\0" |
| 317 |
320 |
}, |
| 318 |
321 |
[SYSCALL_FILTER_SET_BASIC_IO] = { |
| 319 |
322 |
.name = "@basic-io", |
| @@ -543,7 +546,13 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { |
|
|
| 543 |
546 |
.help = "Mounting and unmounting of file systems", |
| 544 |
547 |
.value = |
| 545 |
548 |
"chroot\0" |
|
549 |
+"fsconfig\0" |
|
550 |
+"fsmount\0" |
|
551 |
+"fsopen\0" |
|
552 |
+"fspick\0" |
| 546 |
553 |
"mount\0" |
|
554 |
+"move_mount\0" |
|
555 |
+"open_tree\0" |
| 547 |
556 |
"pivot_root\0" |
| 548 |
557 |
"umount\0" |
| 549 |
558 |
"umount2\0" |
| @@ -622,6 +631,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { |
|
|
| 622 |
631 |
"capset\0" |
| 623 |
632 |
"chroot\0" |
| 624 |
633 |
"fanotify_init\0" |
|
634 |
+"fanotify_mark\0" |
| 625 |
635 |
"nfsservctl\0" |
| 626 |
636 |
"open_by_handle_at\0" |
| 627 |
637 |
"pivot_root\0" |
| @@ -647,10 +657,12 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { |
|
|
| 647 |
657 |
"arch_prctl\0" |
| 648 |
658 |
"capget\0" /* Able to query arbitrary processes */ |
| 649 |
659 |
"clone\0" |
|
660 |
+"clone3\0" |
| 650 |
661 |
"execveat\0" |
| 651 |
662 |
"fork\0" |
| 652 |
663 |
"getrusage\0" |
| 653 |
664 |
"kill\0" |
|
665 |
+"pidfd_open\0" |
| 654 |
666 |
"pidfd_send_signal\0" |
| 655 |
667 |
"prctl\0" |
| 656 |
668 |
"rt_sigqueueinfo\0" |