update seccomp profile for alpine (#493)

Signed-off-by: Matthias Bertschy <[email protected]>
armosec · Nov 28, 2024 · fd7ae2d · fd7ae2d
1 parent 29f1b43
commit fd7ae2d
Showing 1 changed file with 63 additions and 60 deletions.
diff --git a/configurations/k8s_workloads/seccomp/seccomp-alpine-optimized.yaml b/configurations/k8s_workloads/seccomp/seccomp-alpine-optimized.yaml
@@ -14,64 +14,67 @@ spec:
           - SCMP_ARCH_X32
         syscalls:
           - names:
-              - readlinkat
-              - chdir
-              - brk
-              - openat
-              - newfstatat
-              - fchdir
-              - capget
-              - epoll_ctl
-              - rt_sigprocmask
-              - sethostname
-              - read
-              - mprotect
-              - pipe2
-              - gettid
-              - exit_group
-              - setuid
-              - mmap
-              - prctl
-              - getpid
-              - mount
-              - setgid
-              - execve
-              - futex
-              - rt_sigaction
-              - fchownat
-              - epoll_create1
-              - nanosleep
-              - sched_getaffinity
-              - umask
-              - epoll_pwait
-              - sched_yield
-              - getppid
-              - fstat
-              - pivot_root
-              - keyctl
-              - mkdirat
-              - setsid
-              - sigaltstack
-              - set_robust_list
-              - getdents64
-              - setgroups
-              - dup3
-              - mknodat
-              - umount2
-              - close
-              - capset
-              - faccessat2
-              - tgkill
-              - unlinkat
-              - fstatfs
-              - fcntl
-              - write
-              - pread64
-              - fchmodat
-              - clone
-              - symlinkat
-              - rt_sigreturn
-              - munmap
-              - unshare
-              - statfs
+            - access
+            - arch_prctl
+            - brk
+            - capget
+            - capset
+            - chdir
+            - clone
+            - close
+            - connect
+            - copy_file_range
+            - dup
+            - dup2
+            - epoll_ctl
+            - execve
+            - exit_group
+            - faccessat2
+            - fadvise64
+            - fcntl
+            - fstat
+            - fstatfs
+            - futex
+            - getcwd
+            - getdents64
+            - getegid
+            - geteuid
+            - getgid
+            - getpgrp
+            - getpid
+            - getppid
+            - getrandom
+            - getuid
+            - ioctl
+            - lseek
+            - mkdir
+            - mmap
+            - mount
+            - mprotect
+            - munmap
+            - nanosleep
+            - newfstatat
+            - openat
+            - pipe2
+            - prctl
+            - pread64
+            - prlimit64
+            - read
+            - readlink
+            - rseq
+            - rt_sigaction
+            - rt_sigprocmask
+            - rt_sigreturn
+            - set_robust_list
+            - set_tid_address
+            - setgid
+            - setgroups
+            - setuid
+            - socket
+            - stat
+            - statfs
+            - sysinfo
+            - uname
+            - wait4
+            - write
             action: SCMP_ACT_ALLOW