linux seccomp

參考：
https://www.anquanke.com/post/id/208364%5C
http://pollux.cc/2019/09/22/seccomp%E6%B2%99%E7%AE%B1%E6%9C%BA%E5%88%B6%20&%202019ByteCTF%20VIP/#0x02-prctl%E5%87%BD%E6%95%B0%E8%B0%83%E7%94%A8
https://github.com/w296488320/getMacForNetlink
https://xz.aliyun.com/t/11480
http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2019/02/04/seccomp
https://android.googlesource.com/kernel/msm.git/+/android-6.0.1_r0.1/include/linux/prctl.h
https://man7.org/linux/man-pages/man2/prctl.2.html
https://blog.seeflower.dev/archives/88/
https://stackoverflow.com/questions/43003805/can-ebpf-modify-the-return-value-or-parameters-of-a-syscall

seccomp 是linux 下安全過濾器沉填，用于禁用系統(tǒng)方法調(diào)用截粗，早期版本僅允許 'read，write滥玷，_exit虫埂，sigreturn' 四個(gè)函數(shù)調(diào)用不有好；后續(xù)是添加了 bpf 讲婚，可自主配置規(guī)則。

Android 默認(rèn)配置

路徑 /system/etc/seccomp_policy/

:/system/etc/seccomp_policy $ cat crash_dump.arm64.policy
read: 1
write: 1
exit: 1
rt_sigreturn: 1
exit_group: 1
clock_gettime: 1
gettimeofday: 1
futex: 1
getrandom: 1
getpid: 1
gettid: 1
ppoll: 1
pipe2: 1
openat: 1
dup: 1
close: 1
lseek: 1
getdents64: 1
faccessat: 1
recvmsg: 1
process_vm_readv: 1
tgkill: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1
prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == 0x53564d41
madvise: 1
mprotect: arg2 in 0x1|0x2
munmap: 1
getuid: 1
fstat: 1
mmap: arg2 in 0x1|0x2
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1

對(duì)于一些問題的解釋

BPF_STMT 方法及參數(shù)解釋

BPF_STMT 是 Berkeley Packet Filter(BPF) 的一種語法結(jié)構(gòu)滞项，它用于設(shè)置過濾器規(guī)則。一條 BPF_STMT 可以指示 BPF 程序執(zhí)行一個(gè)特定的操作夭坪。BPF_STMT 有兩個(gè)參數(shù)文判，一個(gè)是操作碼（opcode），另一個(gè)是操作數(shù)（operand）室梅。

BPF_STMT 的操作碼是一個(gè)整數(shù)值律杠，用于表明這條語句要執(zhí)行的操作類型。操作碼的取值范圍是 0~255竞惋，不同的取值代表不同的操作。

BPF_STMT 的操作數(shù)是一個(gè)值或指針灰嫉，表示執(zhí)行操作的具體參數(shù)拆宛。操作數(shù)的類型和取值范圍取決于操作碼所代表的操作類型。

例如讼撒，BPF_STMT(OPCODE, OPERAND) 可以表示執(zhí)行操作碼為 OPCODE浑厚，操作數(shù)為 OPERAND 的操作。常見的操作碼和操作數(shù)解釋如下：

- BPF_LD (Load a value into a register from packet data)
  - BPF_LD_ABS (Load absolute value)
  - BPF_LD_IND (Load value by offset)
  - BPF_LD_MEM (Load value from memory)
- BPF_LDX (Same as BPF_LD but load value into X register)
- BPF_ST (Store a value from a register into memory)
  - BPF_ST_MEM (Store value in memory)
- BPF_STX (Same as BPF_ST but operate on X register)
- BPF_ALU (Arithmetic operation)
  - BPF_ALU_ADD (Addition)
  - BPF_ALU_SUB (Subtraction)
  - BPF_ALU_MUL (Multiplication)
  - BPF_ALU_DIV (Division)
  - BPF_ALU_MOD (Modulo)
  - BPF_ALU_AND (Bitwise AND)
  - BPF_ALU_OR (Bitwise OR)
  - BPF_ALU_XOR (Bitwise XOR)
  - BPF_ALU_LSH (Left shift)
  - BPF_ALU_RSH (Right shift)
  - BPF_ALU_NEG (Negative value)
- BPF_JMP (Jump to a specific instruction if condition is met)
  - BPF_JMP_JA (Jump always)
  - BPF_JMP_JEQ (Jump if equal)
  - BPF_JMP_JGT (Jump if greater than)
  - BPF_JMP_JGE (Jump if greater than or equal)
  - BPF_JMP_JSET (Jump if bits set)
- BPF_RET (Return a value)
  - BPF_RET_K (Return a constant value)
  - BPF_RET_A (Return value in register A)
  - BPF_RET_X (Return value in register X)
  - BPF_RET_ERR (Return an error value)

linux svc 函數(shù)與函數(shù)標(biāo)識(shí)的位數(shù)

Linux 中的 svc 函數(shù)（system call）是操作系統(tǒng)內(nèi)核提供給用戶態(tài)（應(yīng)用程序）的一組接口函數(shù)根盒，它們用于實(shí)現(xiàn)用戶程序?qū)ο到y(tǒng)資源的訪問和操作钳幅。在 Linux 內(nèi)核中，svc 函數(shù)有一個(gè)唯一的標(biāo)識(shí)符炎滞，稱為系統(tǒng)調(diào)用號(hào)（system call number）或系統(tǒng)調(diào)用索引（system call index）敢艰，用于區(qū)分不同的系統(tǒng)調(diào)用。

在 32 位 Linux 系統(tǒng)中册赛，系統(tǒng)調(diào)用號(hào)是一個(gè) 32 位的無符號(hào)整數(shù)钠导，范圍為 0~4294967295，其中 0~255 為預(yù)留的系統(tǒng)調(diào)用號(hào)森瘪，256~32767 為由內(nèi)核定義的標(biāo)準(zhǔn)系統(tǒng)調(diào)用號(hào)牡属，32768~4294967295 為由用戶定義的額外系統(tǒng)調(diào)用號(hào)。因此扼睬，32 位的系統(tǒng)調(diào)用號(hào)可以表示 2^32 種不同的系統(tǒng)調(diào)用函數(shù)逮栅，但其中的一些值已被占用或保留，可用的系統(tǒng)調(diào)用號(hào)只有一部分窗宇。

在 64 位 Linux 系統(tǒng)中措伐，系統(tǒng)調(diào)用號(hào)是一個(gè) 64 位的無符號(hào)整數(shù)，范圍為 0~18446744073709551615军俊，其中 0~335 為預(yù)留的系統(tǒng)調(diào)用號(hào)废士，336~546 為由內(nèi)核定義的標(biāo)準(zhǔn)系統(tǒng)調(diào)用號(hào)，而 547~524255 則為由用戶定義的額外系統(tǒng)調(diào)用號(hào)蝇完。因此官硝，64 位的系統(tǒng)調(diào)用號(hào)可以表示更多的系統(tǒng)調(diào)用函數(shù)矗蕊，目前可用的系統(tǒng)調(diào)用號(hào)也只是其中的一部分。

因此氢架，系統(tǒng)調(diào)用號(hào)可以用一個(gè)無符號(hào)整數(shù)來表示傻咖，其位數(shù)取決于 CPU 架構(gòu)和操作系統(tǒng)的架構(gòu)。在 32 位系統(tǒng)中岖研，系統(tǒng)調(diào)用號(hào)是 32 位卿操，而在 64 位系統(tǒng)中則是 64 位。

linux svc 函數(shù)系統(tǒng)調(diào)用號(hào)的函數(shù)對(duì)應(yīng)數(shù)字

Linux 中的 svc 函數(shù)（system call）和系統(tǒng)調(diào)用號(hào)的對(duì)應(yīng)關(guān)系可以在頭文件 `` 中查找孙援。這個(gè)頭文件中定義了大量的宏定義害淤，包括系統(tǒng)調(diào)用號(hào)和對(duì)應(yīng)的函數(shù)名稱。

在 32 位系統(tǒng)中拓售，以下是一些常見的系統(tǒng)調(diào)用號(hào)和對(duì)應(yīng)的函數(shù)名稱：

| 系統(tǒng)調(diào)用號(hào) | 函數(shù)名稱          |
| ---------- | ----------------- |
| 3          | sys_read          |
| 4          | sys_write         |
| 5          | sys_open          |
| 6          | sys_close         |
| 19         | sys_lseek         |
| 45         | sys_brk           |
| 60         | sys_exit          |
| 61         | sys_fork          |
| 62         | sys_vfork         |
| 63         | sys_clone         |
| 64         | sys_execve        |
| 77         | sys_gettimeofday |
| 91         | sys_munmap        |
| 192        | sys_mprotect      |
| 195        | sys_msync         |
| 197        | sys_readv         |
| 198        | sys_writev        |

在 64 位系統(tǒng)中窥摄，以下是一些常見的系統(tǒng)調(diào)用號(hào)和對(duì)應(yīng)的函數(shù)名稱：

| 系統(tǒng)調(diào)用號(hào) | 函數(shù)名稱        |
| ---------- | --------------- |
| 0          | sys_read        |
| 1          | sys_write       |
| 2          | sys_open        |
| 3          | sys_close       |
| 8          | sys_lseek       |
| 12         | sys_brk         |
| 60         | sys_exit        |
| 57         | sys_fork        |
| 58         | sys_vfork       |
| 56         | sys_clone       |
| 59         | sys_execve      |
| 96         | sys_gettimeofday |
|  munmap     | sys_munmap      |
| 10         | sys_mprotect    |
| 26         | sys_msync       |
| 19         | sys_readv       |
| 20         | sys_writev      |

需要注意的是，在不同的 Linux 發(fā)行版或不同的內(nèi)核版本中础淤，系統(tǒng)調(diào)用號(hào)和函數(shù)名稱可能會(huì)有所不同崭放。因此，在編寫系統(tǒng)調(diào)用程序時(shí)應(yīng)當(dāng)查看當(dāng)前操作系統(tǒng)內(nèi)核所定義的系統(tǒng)調(diào)用號(hào)和對(duì)應(yīng)的函數(shù)名稱鸽凶。

linux 一段 svc 調(diào)用 write 方法的示例

下面是一段使用 svc 調(diào)用 write 方法向控制臺(tái)輸出信息的示例代碼：

```c
#include 
#include 

int main() {
    char str[] = "Hello, world!\n";
    write(STDOUT_FILENO, str, strlen(str));
    return 0;
}

在這段代碼中币砂，我們調(diào)用了 `` 中的 write 函數(shù)，該函數(shù)用于向指定的文件描述符（這里是標(biāo)準(zhǔn)輸出）寫入數(shù)據(jù)玻侥。

注意决摧，write 函數(shù)的第一個(gè)參數(shù)是文件描述符，這里使用 STDOUT_FILENO 表示標(biāo)準(zhǔn)輸出凑兰。第二個(gè)參數(shù)是一個(gè)指向要寫入數(shù)據(jù)的緩沖區(qū)的指針（這里是 str 數(shù)組）蜜徽，第三個(gè)參數(shù)是要寫入的數(shù)據(jù)的大小，使用 strlen 函數(shù)來獲取字符串的長(zhǎng)度票摇。

這段代碼使用了 C 語言的庫函數(shù)來實(shí)現(xiàn)拘鞋，其底層調(diào)用了系統(tǒng)調(diào)用 write。但是在實(shí)現(xiàn)操作系統(tǒng)或嵌入式系統(tǒng)等底層開發(fā)時(shí)矢门，可能需要直接調(diào)用系統(tǒng)調(diào)用 write 來實(shí)現(xiàn)輸出功能盆色。下面是一段使用 svc 調(diào)用 write 方法的示例匯編代碼：

.global _start
_start:
    mov r0, #1    @ 把文件描述符 1 存入 r0 中，1 表示標(biāo)準(zhǔn)輸出
    ldr r1, =msg  @ 把消息的地址存入 r1 中
    mov r2, #13   @ 把消息的長(zhǎng)度存入 r2 中祟剔，此處為 13
    mov r7, #4    @ 設(shè)置系統(tǒng)調(diào)用號(hào)為 4隔躲，此為 write syscall 的編號(hào)
    svc #0        @ 調(diào)用 svc，進(jìn)入內(nèi)核執(zhí)行系統(tǒng)調(diào)用
    mov r0, #0    @ 把零存入 r0 中
    mov r7, #1    @ 設(shè)置系統(tǒng)調(diào)用號(hào)為 1物延，此為 exit syscall 的編號(hào)
    svc #0        @ 調(diào)用 svc宣旱，進(jìn)入內(nèi)核執(zhí)行系統(tǒng)調(diào)用
msg:
    .asciz "Hello, world!\n"

這段匯編代碼使用了 ARMv7 架構(gòu)上的指令。首先使用 mov 指令將文件描述符 1 存儲(chǔ)到寄存器 r0 中叛薯，再使用 ldr 指令將字符串的地址存儲(chǔ)到寄存器 r1 中浑吟，使用 mov 指令將字符串長(zhǎng)度 13 存儲(chǔ)到寄存器 r2 中笙纤。

然后，使用 mov 指令將系統(tǒng)調(diào)用號(hào) 4 存儲(chǔ)到寄存器 r7 中组力，該號(hào)表示 write 系統(tǒng)調(diào)用省容。最后，使用 svc 指令調(diào)用 svc燎字，進(jìn)入內(nèi)核執(zhí)行系統(tǒng)調(diào)用腥椒。

需要注意的是，在 ARMv7 架構(gòu)上候衍，svc 指令使用的是 0x0 作為參數(shù)笼蛛，而不是使用 #0。然后蛉鹿，運(yùn)行 write 系統(tǒng)調(diào)用滨砍，控制臺(tái)將收到 "Hello, world!\n" 信息。最后榨为，使用 mov 指令將值 0 存儲(chǔ)在寄存器 r0 中，表示程序運(yùn)行成功煌茴，再使用 mov 指令將系統(tǒng)調(diào)用號(hào) 1 存儲(chǔ)在寄存器 r7 中随闺，該號(hào)為 exit 系統(tǒng)調(diào)用的編號(hào)。最后蔓腐，再次使用 svc 指令調(diào)用 svc矩乐，進(jìn)入內(nèi)核執(zhí)行系統(tǒng)調(diào)用，結(jié)束程序回论。

5. seccomp 的 prctl 方法參數(shù)解析及使用

prctl 是 Linux 內(nèi)核中的一個(gè)系統(tǒng)調(diào)用散罕，它可以用于設(shè)置進(jìn)程級(jí)別的不同屬性。其中傀蓉，prctl 中的 option 參數(shù)可以理解為對(duì)要采取的進(jìn)程操作的描述欧漱。在 seccomp 場(chǎng)景下，prctl 函數(shù)可以用于設(shè)置進(jìn)程運(yùn)行模式葬燎。

prctl 函數(shù)的原型如下：

int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5);

其中误甚，option 表示要設(shè)置的選項(xiàng)，arg2 - arg5 是一些不同選項(xiàng)的參數(shù)谱净。在 seccomp 場(chǎng)景下窑邦，我們通常使用 option 為 PR_SET_SECCOMP，表示要為進(jìn)程設(shè)置 seccomp 模式壕探。

PR_SET_SECCOMP 需要傳遞參數(shù)冈钦，具體參數(shù)傳遞方式和參數(shù)的含義需要根據(jù)不同的 seccomp 模式來確定。例如李请，SECCOMP_MODE_STRICT 模式下瞧筛，不支持任何系統(tǒng)調(diào)用厉熟，并且沒有擴(kuò)展操作碼，因此其參數(shù)為 0驾窟。而 SECCOMP_MODE_FILTER 模式下庆猫，則需要傳遞一個(gè)指向 struct sock_fprog 結(jié)構(gòu)體的指針，該結(jié)構(gòu)體包含了進(jìn)程可接受的系統(tǒng)調(diào)用過濾規(guī)則绅络。

下面是一個(gè)使用 seccomp 和 PR_SET_SECCOMP 的示例月培，為進(jìn)程設(shè)置 SECCOMP_MODE_FILTER 模式：

// 定義 seccomp 規(guī)則
struct sock_filter filter[] = {
    /* BPF_STMT(OP, k) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 0),        // 0x00: LD W ABS[0]
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5c5c5c5c, 1, 0),  // 0x04: JEQ K (JUMP IF 0)
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), // 0x08: RET K
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 4),        // 0x09: LD W ABS[4]
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5c5c5c5c, 1, 0),  // 0x0d: JEQ K (JUMP IF 0)
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), // 0x11: RET K
    BPF_JUMP(BPF_JMP | BPF_JA, 0x00, 0, 0),       // 0x12: JA 0 (GOTO 0)
};

struct sock_fprog prog = {
    .len = sizeof(filter) / sizeof(filter[0]),
    .filter = filter,
};

// 設(shè)置 seccomp 模式
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1) {
    perror("prctl");
    exit(EXIT_FAILURE);
}

在這個(gè)示例中，我們通過定義 struct sock_filter 規(guī)則恩急，實(shí)現(xiàn)了對(duì)進(jìn)程的系統(tǒng)調(diào)用進(jìn)行過濾杉畜。然后，定義了一個(gè) struct sock_fprog 結(jié)構(gòu)體衷恭，該結(jié)構(gòu)體包含了要應(yīng)用的系統(tǒng)調(diào)用過濾規(guī)則此叠。最后，通過調(diào)用 prctl 函數(shù)随珠，將進(jìn)程設(shè)置為 SECCOMP_MODE_FILTER 模式灭袁，并設(shè)置進(jìn)程的系統(tǒng)調(diào)用過濾規(guī)則。

需要注意的是窗看，seccomp 并非只有一種模式茸歧，每種模式的使用方式和參數(shù)都不相同，需要根據(jù)不同的應(yīng)用場(chǎng)景來選擇和使用显沈。同時(shí)软瞎，在使用時(shí)，我們也應(yīng)該格外注意該模式下會(huì)對(duì)哪些系統(tǒng)調(diào)用進(jìn)行限制拉讯，以避免限制系統(tǒng)調(diào)用導(dǎo)致的意外問題涤浇。


6. struct sock_fprog 過濾規(guī)則執(zhí)行邏輯

struct sock_fprog 是 seccomp 過濾器用到的一種特殊數(shù)據(jù)結(jié)構(gòu)，在 Linux 內(nèi)核源碼包中的 include/uapi/linux/filter.h 文件中有該結(jié)構(gòu)體的定義魔慷。它是一種過濾規(guī)則的集合只锭，其中的 len 字段表示規(guī)則的數(shù)量，filter 字段表示規(guī)則列表院尔。

在應(yīng)用 seccomp 過濾器時(shí)纹烹，內(nèi)核會(huì)將過濾規(guī)則交給內(nèi)核虛擬機(jī)（BPF）執(zhí)行。當(dāng)程序調(diào)用系統(tǒng)調(diào)用時(shí)召边，內(nèi)核會(huì)按照這些規(guī)則逐步判斷是否允許該系統(tǒng)調(diào)用的執(zhí)行铺呵。逐條執(zhí)行 filter 數(shù)組中的過濾規(guī)則時(shí)，內(nèi)核會(huì)把過濾規(guī)則轉(zhuǎn)化為內(nèi)核虛擬機(jī)程序隧熙。內(nèi)核執(zhí)行該程序時(shí)片挂，會(huì)使用處理器上的硬件虛擬機(jī)，用來執(zhí)行定義的過濾規(guī)則。

每條過濾規(guī)則通常由一個(gè)或多個(gè) BPF 指令組成音念，這些指令執(zhí)行嚴(yán)格定義的操作沪饺，例如從用戶提供的數(shù)據(jù)緩沖區(qū)讀取數(shù)據(jù)或者從某些寄存器中讀取數(shù)據(jù)等。過濾規(guī)則的執(zhí)行結(jié)果是一個(gè)整數(shù)值闷愤，稱為“狀態(tài)”整葡，該值的含義與每條指令輸出的狀態(tài)相關(guān)。如果所有規(guī)則都執(zhí)行完畢讥脐，并且它們的執(zhí)行結(jié)果都是允許進(jìn)程運(yùn)行系統(tǒng)調(diào)用遭居，則該進(jìn)程可以執(zhí)行該系統(tǒng)調(diào)用，反之則被視為不允許執(zhí)行該調(diào)用旬渠。

struct sock_fprog 類似于一組底層計(jì)算機(jī)指令俱萍。在內(nèi)核中運(yùn)行完成后，使用該過濾規(guī)則的過濾器會(huì)將狀態(tài)的表示結(jié)果傳遞回應(yīng)用程序告丢。根據(jù) seccomp 的模式枪蘑，該狀態(tài)可以表示允許或中止系統(tǒng)調(diào)用。如果該狀態(tài)表示允許系統(tǒng)調(diào)用岖免，則應(yīng)用程序可以正常運(yùn)行該系統(tǒng)調(diào)用岳颇；反之，操作系統(tǒng)會(huì)返回 SECCOMP_RET_KILL_PROCESS（殺死該進(jìn)程）或 SECCOMP_RET_ERRNO（返回指定錯(cuò)誤代碼）颅湘。

需要注意的是话侧，struct sock_fprog 只是過濾規(guī)則的一種非常底層的表達(dá)方式，除以上述整數(shù)表示外栅炒，幾乎沒有與具體系統(tǒng)調(diào)用和參數(shù)交互的方式掂摔。因此术羔，struct sock_fprog 可以實(shí)現(xiàn)非常高效的過濾器方案赢赊，而不會(huì)對(duì)操作系統(tǒng)的性能造成過大的影響。


7. syscall svc 調(diào)用所對(duì)應(yīng)的指令

const syscalls = [
[0, "io_setup", 0x00, "unsigned nr_reqs", "aio_context_t *ctx", "-", "-", "-"],
[1, "io_destroy", 0x01, "aio_context_t ctx", "-", "-", "-", "-"],
[2, "io_submit", 0x02, "aio_context_t", "long", "struct iocb * *", "-", "-"],
[3, "io_cancel", 0x03, "aio_context_t ctx_id", "struct iocb *iocb", "struct io_event *result", "-", "-"],
[4, "io_getevents", 0x04, "aio_context_t ctx_id", "long min_nr", "long nr", "struct io_event *events", "struct __kernel_timespec *timeout"],
[5, "setxattr", 0x05, "const char *path", "const char *name", "const void *value", "size_t size", "int flags"],
[6, "lsetxattr", 0x06, "const char *path", "const char *name", "const void *value", "size_t size", "int flags"],
[7, "fsetxattr", 0x07, "int fd", "const char *name", "const void *value", "size_t size", "int flags"],
[8, "getxattr", 0x08, "const char *path", "const char *name", "void *value", "size_t size", "-"],
[9, "lgetxattr", 0x09, "const char *path", "const char *name", "void *value", "size_t size", "-"],
[10, "fgetxattr", 0x0a, "int fd", "const char *name", "void *value", "size_t size"],
[11, "listxattr", 0x0b, "const char *path", "char *list", "size_t size", "-"],
[12, "llistxattr", 0x0c, "const char *path", "char *list", "size_t size", "-"],
[13, "flistxattr", 0x0d, "int fd", "char *list", "size_t size", "-"],
[14, "removexattr", 0x0e, "const char *path", "const char *name", "-", "-"],
[15, "lremovexattr", 0x0f, "const char *path", "const char *name", "-", "-"],
[16, "fremovexattr", 0x10, "int fd", "const char *name", "-", "-"],
[17, "getcwd", 0x11, "char *buf", "unsigned long size", "-", "-"],
[18, "lookup_dcookie", 0x12, "u64 cookie64", "char *buf", "size_t len", "-"],
[19, "eventfd2", 0x13, "unsigned int count", "int flags", "-", "-"],
[20, "epoll_create1", 0x14, "int flags"],
[21, "epoll_ctl", 0x15, "int epfd", "int op", "int fd", "struct epoll_event *event"],
[22, "epoll_pwait", 0x16, "int epfd", "struct epoll_event *events", "int maxevents", "int timeout", "const sigset_t *sigmask", "size_t sigsetsize"],
[23, "dup", 0x17, "unsigned int fildes"],
[24, "dup3", 0x18, "unsigned int oldfd", "unsigned int newfd", "int flags", "-"],
[25, "fcntl", 0x19, "unsigned int fd", "unsigned int cmd", "unsigned long arg", "-"],
[26, "inotify_init1", 0x1a, "int flags"],
[27, "inotify_add_watch", 0x1b, "int fd", "const char *path", "u32 mask", "-"],
[28, "inotify_rm_watch", 0x1c, "int fd", "s32 wd", "-", "-"],
[29, "ioctl", 0x1d, "unsigned int fd", "unsigned int cmd", "unsigned long arg", "-"],
[30, "ioprio_set", 0x1e, "int which", "int who", "int ioprio", "-"],
[31, "ioprio_get", 0x1f, "int which", "int who", "-", "-"],
[32, "flock", 0x20, "unsigned int fd", "unsigned int cmd", "-", "-"],
[33, "mknodat", 0x21, "int dfd", "const char * filename", "umode_t mode", "unsigned dev"],
[34, "mkdirat", 0x22, "int dfd", "const char * pathname", "umode_t mode", "-"],
[35, "unlinkat", 0x23, "int dfd", "const char * pathname", "int flag", "-"],
[36, "symlinkat", 0x24, "const char * oldname", "int newdfd", "const char * newname", "-"],
[37, "linkat", 0x25, "int olddfd", "const char *oldname", "int newdfd", "const char *newname", "int flag"],
[38, "renameat", 0x26, "int olddfd", "const char * oldname", "int newdfd", "const char * newname"],
[39, "umount2", 0x27, "?", "?", "?", "?", "?", "?["],
[40, "mount", 0x28, "char *dev_name", "char *dir_name", "char *type", "unsigned long flags", "void *dat"],
[41, "pivot_root", 0x29, "const char *new_root", "const char *put_old", "-", "-"],
[42, "nfsservctl", 0x2a, "?", "?", "?", "?", "?", "?["],
[43, "statfs", 0x2b, "const char * path", "struct statfs *buf", "-", "-"],
[44, "fstatfs", 0x2c, "unsigned int fd", "struct statfs *buf", "-", "-"],
[45, "truncate", 0x2d, "const char *path", "long length", "-", "-"],
[46, "ftruncate", 0x2e, "unsigned int fd", "unsigned long length", "-", "-"],
[47, "fallocate", 0x2f, "int fd", "int mode", "loff_t offset", "loff_t len"],
[48, "faccessat", 0x30, "int dfd", "const char *filename", "int mode", "-"],
[49, "chdir", 0x31, "const char *filename"],
[50, "fchdir", 0x32, "unsigned int fd"],
[51, "chroot", 0x33, "const char *filename"],
[52, "fchmod", 0x34, "unsigned int fd", "umode_t mode", "-", "-"],
[53, "fchmodat", 0x35, "int dfd", "const char * filename", "umode_t mode", "-"],
[54, "fchownat", 0x36, "int dfd", "const char *filename", "uid_t user", "gid_t group", "int fla"],
[55, "fchown", 0x37, "unsigned int fd", "uid_t user", "gid_t group", "-"],
[56, "openat", 0x38, "int dfd", "const char *filename", "int flags", "umode_t mode"],
[57, "close", 0x39, "unsigned int fd"],
[58, "vhangup", 0x3a, "-"],
[59, "pipe2", 0x3b, "int *fildes", "int flags", "-", "-"],
[60, "quotactl", 0x3c, "unsigned int cmd", "const char *special", "qid_t id", "void *addr"],
[61, "getdents64", 0x3d, "unsigned int fd", "struct linux_dirent64 *dirent", "unsigned int count", "-"],
[62, "lseek", 0x3e, "unsigned int fd", "off_t offset", "unsigned int whence", "-"],
[63, "read", 0x3f, "unsigned int fd", "char *buf", "size_t count", "-"],
[64, "write", 0x40, "unsigned int fd", "const char *buf", "size_t count", "-"],
[65, "readv", 0x41, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "-"],
[66, "writev", 0x42, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "-"],
[67, "pread64", 0x43, "unsigned int fd", "char *buf", "size_t count", "loff_t pos"],
[68, "pwrite64", 0x44, "unsigned int fd", "const char *buf", "size_t count", "loff_t pos"],
[69, "preadv", 0x45, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos"],
[70, "pwritev", 0x46, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos"],
[71, "sendfile", 0x47, "int out_fd", "int in_fd", "off_t *offset", "size_t count"],
[72, "pselect6", 0x48, "int", "fd_set *", "fd_set *", "fd_set *", "struct __kernel_timespec *", "void *["],
[73, "ppoll", 0x49, "struct pollfd *", "unsigned int", "struct _kernel_timespec *", "const sigset_t *", "size"],
[74, "signalfd4", 0x4a, "int ufd", "sigset_t *user_mask", "size_t sizemask", "int flags"],
[75, "vmsplice", 0x4b, "int fd", "const struct iovec *iov", "unsigned long nr_segs", "unsigned int flags"],
[76, "splice", 0x4c, "int fd_in", "loff_t *off_in", "int fd_out", "loff_t *off_out", "size_t len", "unsigned int flags["],
[77, "tee", 0x4d, "int fdin", "int fdout", "size_t len", "unsigned int flags"],
[78, "readlinkat", 0x4e, "int dfd", "const char *path", "char *buf", "int bufsiz"],
[79, "newfstatat", 0x4f, "int dfd", "const char *filename", "struct stat *statbuf", "int flag"],
[80, "fstat", 0x50, "unsigned int fd", "struct __old_kernel_stat *statbuf", "-", "-"],
[81, "sync", 0x51, "-"],
[82, "fsync", 0x52, "unsigned int fd"],
[83, "fdatasync", 0x53, "unsigned int fd"],
[84, "sync_file_range", 0x54, "int fd", "loff_t offset", "loff_t nbytes", "unsigned int flags"],
[85, "timerfd_create", 0x55, "int clockid", "int flags", "-", "-"],
[86, "timerfd_settime", 0x56, "int ufd", "int flags", "const struct __kernel_itimerspec *utmr", "struct __kernel_itimerspec *otmr"],
[87, "timerfd_gettime", 0x57, "int ufd", "struct __kernel_itimerspec *otmr", "-", "-"],
[88, "utimensat", 0x58, "int dfd", "const char *filename", "struct __kernel_timespec *utimes", "int flags"],
[89, "acct", 0x59, "const char *name"],
[90, "capget", 0x5a, "cap_user_header_t header", "cap_user_data_t dataptr", "-", "-"],
[91, "capset", 0x5b, "cap_user_header_t header", "const cap_user_data_t data", "-", "-"],
[92, "personality", 0x5c, "unsigned int personality"],
[93, "exit", 0x5d, "int error_code"],
[94, "exit_group", 0x5e, "int error_code"],
[95, "waitid", 0x5f, "int which", "pid_t pid", "struct siginfo *infop", "int options", "struct rusage *r"],
[96, "set_tid_address", 0x60, "int *tidptr"],
[97, "unshare", 0x61, "unsigned long unshare_flags"],
[98, "futex", 0x62, "u32 *uaddr", "int op", "u32 val", "struct __kernel_timespec *utime", "u32 *uaddr2", "u32 val3["],
[99, "set_robust_list", 0x63, "struct robust_list_head *head", "size_t len", "-", "-"],
[100, "get_robust_list", 0x64, "int pid", "struct robust_list_head * *head_ptr", "size_t *len_ptr", "-", "-", "-"],
[101, "nanosleep", 0x65, "struct __kernel_timespec *rqtp", "struct __kernel_timespec *rmtp", "-", "-", "-", "-"],
[102, "getitimer", 0x66, "int which", "struct itimerval *value", "-", "-", "-", "-"],
[103, "setitimer", 0x67, "int which", "struct itimerval *value", "struct itimerval *ovalue", "-", "-", "-"],
[104, "kexec_load", 0x68, "unsigned long entry", "unsigned long nr_segments", "struct kexec_segment *segments", "unsigned long flags", "-", "-"],
[105, "init_module", 0x69, "void *umod", "unsigned long len", "const char *uargs", "-", "-", "-"],
[106, "delete_module", 0x6a, "const char *name_user", "unsigned int flags", "-", "-", "-", "-"],
[107, "timer_create", 0x6b, "clockid_t which_clock", "struct sigevent *timer_event_spec", "timer_t * created_timer_id", "-", "-", "-"],
[108, "timer_gettime", 0x6c, "timer_t timer_id", "struct __kernel_itimerspec *setting", "-", "-", "-", "-"],
[109, "timer_getoverrun", 0x6d, "timer_t timer_id", "-", "-", "-", "-", "-"],
[110, "timer_settime", 0x6e, "timer_t timer_id", "int flags", "const struct __kernel_itimerspec *new_setting", "struct __kernel_itimerspec *old_setting", "-", "-"],
[111, "timer_delete", 0x6f, "timer_t timer_id", "-", "-", "-", "-", "-"],
[112, "clock_settime", 0x70, "clockid_t which_clock", "const struct __kernel_timespec *tp", "-", "-", "-", "-"],
[113, "clock_gettime", 0x71, "clockid_t which_clock", "struct __kernel_timespec *tp", "-", "-", "-", "-"],
[114, "clock_getres", 0x72, "clockid_t which_clock", "struct __kernel_timespec *tp", "-", "-", "-", "-"],
[115, "clock_nanosleep", 0x73, "clockid_t which_clock", "int flags", "const struct __kernel_timespec *rqtp", "struct __kernel_timespec *rmtp", "-", "-"],
[116, "syslog", 0x74, "int type", "char *buf", "int len", "-", "-", "-"],
[117, "ptrace", 0x75, "long request", "long pid", "unsigned long addr", "unsigned long data", "-", "-"],
[118, "sched_setparam", 0x76, "pid_t pid", "struct sched_param *param", "-", "-", "-", "-"],
[119, "sched_setscheduler", 0x77, "pid_t pid", "int policy", "struct sched_param *param", "-", "-", "-"],
[120, "sched_getscheduler", 0x78, "pid_t pid", "-", "-", "-", "-", "-"],
[121, "sched_getparam", 0x79, "pid_t pid", "struct sched_param *param", "-", "-", "-", "-"],
[122, "sched_setaffinity", 0x7a, "pid_t pid", "unsigned int len", "unsigned long *user_mask_ptr", "-", "-", "-"],
[123, "sched_getaffinity", 0x7b, "pid_t pid", "unsigned int len", "unsigned long *user_mask_ptr", "-", "-", "-"],
[124, "sched_yield", 0x7c, "-", "-", "-", "-", "-", "-"],
[125, "sched_get_priority_max", 0x7d, "int policy", "-", "-", "-", "-", "-"],
[126, "sched_get_priority_min", 0x7e, "int policy", "-", "-", "-", "-", "-"],
[127, "sched_rr_get_interval", 0x7f, "pid_t pid", "struct __kernel_timespec *interval", "-", "-", "-", "-"],
[128, "restart_syscall", 0x80, "-", "-", "-", "-", "-", "-"],
[129, "kill", 0x81, "pid_t pid", "int sig", "-", "-", "-", "-"],
[130, "tkill", 0x82, "pid_t pid", "int sig", "-", "-", "-", "-"],
[131, "tgkill", 0x83, "pid_t tgid", "pid_t pid", "int sig", "-", "-", "-"],
[132, "sigaltstack", 0x84, "const struct sigaltstack *uss", "struct sigaltstack *uoss", "-", "-", "-", "-"],
[133, "rt_sigsuspend", 0x85, "sigset_t *unewset", "size_t sigsetsize", "-", "-", "-", "-"],
[134, "rt_sigaction", 0x86, "int", "const struct sigaction *", "struct sigaction *", "size_t", "-", "-"],
[135, "rt_sigprocmask", 0x87, "int how", "sigset_t *set", "sigset_t *oset", "size_t sigsetsize", "-", "-"],
[136, "rt_sigpending", 0x88, "sigset_t *set", "size_t sigsetsize", "-", "-", "-", "-"],
[137, "rt_sigtimedwait", 0x89, "const sigset_t *uthese", "siginfo_t *uinfo", "const struct __kernel_timespec *uts", "size_t sigsetsize", "-", "-"],
[138, "rt_sigqueueinfo", 0x8a, "pid_t pid", "int sig", "siginfo_t *uinfo", "-", "-", "-"],
[139, "rt_sigreturn", 0x8b, "?", "?", "?", "?", "?", "?"],
[140, "setpriority", 0x8c, "int which", "int who", "int niceval", "-", "-", "-"],
[141, "getpriority", 0x8d, "int which", "int who", "-", "-", "-", "-"],
[142, "reboot", 0x8e, "int magic1", "int magic2", "unsigned int cmd", "void *arg", "-", "-"],
[143, "setregid", 0x8f, "gid_t rgid", "gid_t egid", "-", "-", "-", "-"],
[144, "setgid", 0x90, "gid_t gid", "-", "-", "-", "-", "-"],
[145, "setreuid", 0x91, "uid_t ruid", "uid_t euid", "-", "-", "-", "-"],
[146, "setuid", 0x92, "uid_t uid", "-", "-", "-", "-", "-"],
[147, "setresuid", 0x93, "uid_t ruid", "uid_t euid", "uid_t suid", "-", "-", "-"],
[148, "getresuid", 0x94, "uid_t *ruid", "uid_t *euid", "uid_t *suid", "-", "-", "-"],
[149, "setresgid", 0x95, "gid_t rgid", "gid_t egid", "gid_t sgid", "-", "-", "-"],
[150, "getresgid", 0x96, "gid_t *rgid", "gid_t *egid", "gid_t *sgid", "-", "-", "-"],
[151, "setfsuid", 0x97, "uid_t uid", "-", "-", "-", "-", "-"],
[152, "setfsgid", 0x98, "gid_t gid", "-", "-", "-", "-", "-"],
[153, "times", 0x99, "struct tms *tbuf", "-", "-", "-", "-", "-"],
[154, "setpgid", 0x9a, "pid_t pid", "pid_t pgid", "-", "-", "-", "-"],
[155, "getpgid", 0x9b, "pid_t pid", "-", "-", "-", "-", "-"],
[156, "getsid", 0x9c, "pid_t pid", "-", "-", "-", "-", "-"],
[157, "setsid", 0x9d, "-", "-", "-", "-", "-", "-"],
[158, "getgroups", 0x9e, "int gidsetsize", "gid_t *grouplist", "-", "-", "-", "-"],
[159, "setgroups", 0x9f, "int gidsetsize", "gid_t *grouplist", "-", "-", "-", "-"],
[160, "uname", 0xa0, "struct old_utsname *", "-", "-", "-", "-", "-"],
[161, "sethostname", 0xa1, "char *name", "int len", "-", "-", "-", "-"],
[162, "setdomainname", 0xa2, "char *name", "int len", "-", "-", "-", "-"],
[163, "getrlimit", 0xa3, "unsigned int resource", "struct rlimit *rlim", "-", "-", "-", "-"],
[164, "setrlimit", 0xa4, "unsigned int resource", "struct rlimit *rlim", "-", "-", "-", "-"],
[165, "getrusage", 0xa5, "int who", "struct rusage *ru", "-", "-", "-", "-"],
[166, "umask", 0xa6, "int mask", "-", "-", "-", "-", "-"],
[167, "prctl", 0xa7, "int option", "unsigned long arg2", "unsigned long arg3", "unsigned long arg4", "unsigned long arg5", "-"],
[168, "getcpu", 0xa8, "unsigned *cpu", "unsigned *node", "struct getcpu_cache *cache", "-", "-", "-"],
[169, "gettimeofday", 0xa9, "struct timeval *tv", "struct timezone *tz", "-", "-", "-", "-"],
[170, "settimeofday", 0xaa, "struct timeval *tv", "struct timezone *tz", "-", "-", "-", "-"],
[171, "adjtimex", 0xab, "struct __kernel_timex *txc_p", "-", "-", "-", "-", "-"],
[172, "getpid", 0xac, "-", "-", "-", "-", "-", "-"],
[173, "getppid", 0xad, "-", "-", "-", "-", "-", "-"],
[174, "getuid", 0xae, "-", "-", "-", "-", "-", "-"],
[175, "geteuid", 0xaf, "-", "-", "-", "-", "-", "-"],
[176, "getgid", 0xb0, "-", "-", "-", "-", "-", "-"],
[177, "getegid", 0xb1, "-", "-", "-", "-", "-", "-"],
[178, "gettid", 0xb2, "-", "-", "-", "-", "-", "-"],
[179, "sysinfo", 0xb3, "struct sysinfo *info", "-", "-", "-", "-", "-"],
[180, "mq_open", 0xb4, "const char *name", "int oflag", "umode_t mode", "struct mq_attr *attr", "-", "-"],
[181, "mq_unlink", 0xb5, "const char *name", "-", "-", "-", "-", "-"],
[182, "mq_timedsend", 0xb6, "mqd_t mqdes", "const char *msg_ptr", "size_t msg_len", "unsigned int msg_prio", "const struct __kernel_timespec *abs_timeout", "-"],
[183, "mq_timedreceive", 0xb7, "mqd_t mqdes", "char *msg_ptr", "size_t msg_len", "unsigned int *msg_prio", "const struct __kernel_timespec *abs_timeout", "-"],
[184, "mq_notify", 0xb8, "mqd_t mqdes", "const struct sigevent *notification", "-", "-", "-", "-"],
[185, "mq_getsetattr", 0xb9, "mqd_t mqdes", "const struct mq_attr *mqstat", "struct mq_attr *omqstat", "-", "-", "-"],
[186, "msgget", 0xba, "key_t key", "int msgflg", "-", "-", "-", "-"],
[187, "msgctl", 0xbb, "int msqid", "int cmd", "struct msqid_ds *buf", "-", "-", "-"],
[188, "msgrcv", 0xbc, "int msqid", "struct msgbuf *msgp", "size_t msgsz", "long msgtyp", "int msgflg", "-"],
[189, "msgsnd", 0xbd, "int msqid", "struct msgbuf *msgp", "size_t msgsz", "int msgflg", "-", "-"],
[190, "semget", 0xbe, "key_t key", "int nsems", "int semflg", "-", "-", "-"],
[191, "semctl", 0xbf, "int semid", "int semnum", "int cmd", "unsigned long arg", "-", "-"],
[192, "semtimedop", 0xc0, "int semid", "struct sembuf *sops", "unsigned nsops", "const struct __kernel_timespec *timeout", "-", "-"],
[193, "semop", 0xc1, "int semid", "struct sembuf *sops", "unsigned nsops", "-", "-", "-"],
[194, "shmget", 0xc2, "key_t key", "size_t size", "int flag", "-", "-", "-"],
[195, "shmctl", 0xc3, "int shmid", "int cmd", "struct shmid_ds *buf", "-", "-", "-"],
[196, "shmat", 0xc4, "int shmid", "char *shmaddr", "int shmflg", "-", "-", "-"],
[197, "shmdt", 0xc5, "char *shmaddr", "-", "-", "-", "-", "-"],
[198, "socket", 0xc6, "int", "int", "int", "-", "-", "-"],
[199, "socketpair", 0xc7, "int", "int", "int", "int *", "-", "-"],
[200, "bind", 0xc8, "int", "struct sockaddr *", "int", "-", "-", "-"],
[201, "listen", 0xc9, "int", "int", "-", "-", "-", "-"],
[202, "accept", 0xca, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[203, "connect", 0xcb, "int", "struct sockaddr *", "int", "-", "-", "-"],
[204, "getsockname", 0xcc, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[205, "getpeername", 0xcd, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[206, "sendto", 0xce, "int", "void *", "size_t", "unsigned", "struct sockaddr *", "int"],
[207, "recvfrom", 0xcf, "int", "void *", "size_t", "unsigned", "struct sockaddr *", "int *"],
[208, "setsockopt", 0xd0, "int fd", "int level", "int optname", "char *optval", "int optlen", "-"],
[209, "getsockopt", 0xd1, "int fd", "int level", "int optname", "char *optval", "int *optlen", "-"],
[210, "shutdown", 0xd2, "int", "int", "-", "-", "-", "-"],
[211, "sendmsg", 0xd3, "int fd", "struct user_msghdr *msg", "unsigned flags", "-", "-", "-"],
[212, "recvmsg", 0xd4, "int fd", "struct user_msghdr *msg", "unsigned flags", "-", "-", "-"],
[213, "readahead", 0xd5, "int fd", "loff_t offset", "size_t count", "-", "-", "-"],
[214, "brk", 0xd6, "unsigned long brk", "-", "-", "-", "-", "-"],
[215, "munmap", 0xd7, "unsigned long addr", "size_t len", "-", "-", "-", "-"],
[216, "mremap", 0xd8, "unsigned long addr", "unsigned long old_len", "unsigned long new_len", "unsigned long flags", "unsigned long new_addr", "-"],
[217, "add_key", 0xd9, "const char *_type", "const char *_description", "const void *_payload", "size_t plen", "key_serial_t destringid", "-"],
[218, "request_key", 0xda, "const char *_type", "const char *_description", "const char *_callout_info", "key_serial_t destringid", "-", "-"],
[219, "keyctl", 0xdb, "int cmd", "unsigned long arg2", "unsigned long arg3", "unsigned long arg4", "unsigned long arg5", "-"],
[220, "clone", 0xdc, "unsigned long", "unsigned long", "int *", "int *", "unsigned long", "-"],
[221, "execve", 0xdd, "const char *filename", "const char *const *argv", "const char *const *envp", "-", "-", "-"],
[222, "mmap", 0xde, "?", "?", "?", "?", "?", "?"],
[223, "fadvise64", 0xdf, "int fd", "loff_t offset", "size_t len", "int advice", "-", "-"],
[224, "swapon", 0xe0, "const char *specialfile", "int swap_flags", "-", "-", "-", "-"],
[225, "swapoff", 0xe1, "const char *specialfile", "-", "-", "-", "-", "-"],
[226, "mprotect", 0xe2, "unsigned long start", "size_t len", "unsigned long prot", "-", "-", "-"],
[227, "msync", 0xe3, "unsigned long start", "size_t len", "int flags", "-", "-", "-"],
[228, "mlock", 0xe4, "unsigned long start", "size_t len", "-", "-", "-", "-"],
[229, "munlock", 0xe5, "unsigned long start", "size_t len", "-", "-", "-", "-"],
[230, "mlockall", 0xe6, "int flags", "-", "-", "-", "-", "-"],
[231, "munlockall", 0xe7, "-", "-", "-", "-", "-", "-"],
[232, "mincore", 0xe8, "unsigned long start", "size_t len", "unsigned char * vec", "-", "-", "-"],
[233, "madvise", 0xe9, "unsigned long start", "size_t len", "int behavior", "-", "-", "-"],
[234, "remap_file_pages", 0xea, "unsigned long start", "unsigned long size", "unsigned long prot", "unsigned long pgoff", "unsigned long flags", "-"],
[235, "mbind", 0xeb, "unsigned long start", "unsigned long len", "unsigned long mode", "const unsigned long *nmask", "unsigned long maxnode", "unsigned flags"],
[236, "get_mempolicy", 0xec, "int *policy", "unsigned long *nmask", "unsigned long maxnode", "unsigned long addr", "unsigned long flags", "-"],
[237, "set_mempolicy", 0xed, "int mode", "const unsigned long *nmask", "unsigned long maxnode", "-", "-", "-"],
[238, "migrate_pages", 0xee, "pid_t pid", "unsigned long maxnode", "const unsigned long *from", "const unsigned long *to", "-", "-"],
[239, "move_pages", 0xef, "pid_t pid", "unsigned long nr_pages", "const void * *pages", "const int *nodes", "int *status", "int flags"],
[240, "rt_tgsigqueueinfo", 0xf0, "pid_t tgid", "pid_t pid", "int sig", "siginfo_t *uinfo", "-", "-"],
[241, "perf_event_open", 0xf1, "struct perf_event_attr *attr_uptr", "pid_t pid", "int cpu", "int group_fd", "unsigned long flags", "-"],
[242, "accept4", 0xf2, "int", "struct sockaddr *", "int *", "int", "-", "-"],
[243, "recvmmsg", 0xf3, "int fd", "struct mmsghdr *msg", "unsigned int vlen", "unsigned flags", "struct __kernel_timespec *timeout", "-"],
[244, "not implemented", 0xf4],
[245, "not implemented", 0xf5],
[246, "not implemented", 0xf6],
[247, "not implemented", 0xf7],
[248, "not implemented", 0xf8],
[249, "not implemented", 0xf9],
[250, "not implemented", 0xfa],
[251, "not implemented", 0xfb],
[252, "not implemented", 0xfc],
[253, "not implemented", 0xfd],
[254, "not implemented", 0xfe],
[255, "not implemented", 0xff],
[256, "not implemented", 0x100],
[257, "not implemented", 0x101],
[258, "not implemented", 0x102],
[259, "not implemented", 0x103],
[260, "wait4", 0x104, "pid_t pid", "int *stat_addr", "int options", "struct rusage *ru", "-", "-"],
[261, "prlimit64", 0x105, "pid_t pid", "unsigned int resource", "const struct rlimit64 *new_rlim", "struct rlimit64 *old_rlim", "-", "-"],
[262, "fanotify_init", 0x106, "unsigned int flags", "unsigned int event_f_flags", "-", "-", "-", "-"],
[263, "fanotify_mark", 0x107, "int fanotify_fd", "unsigned int flags", "u64 mask", "int fd", "const char *pathname", "-"],
[264, "name_to_handle_at", 0x108, "int dfd", "const char *name", "struct file_handle *handle", "int *mnt_id", "int flag", "-"],
[265, "open_by_handle_at", 0x109, "int mountdirfd", "struct file_handle *handle", "int flags", "-", "-", "-"],
[266, "clock_adjtime", 0x10a, "clockid_t which_clock", "struct __kernel_timex *tx", "-", "-", "-", "-"],
[267, "syncfs", 0x10b, "int fd", "-", "-", "-", "-", "-"],
[268, "setns", 0x10c, "int fd", "int nstype", "-", "-", "-", "-"],
[269, "sendmmsg", 0x10d, "int fd", "struct mmsghdr *msg", "unsigned int vlen", "unsigned flags", "-", "-"],
[270, "process_vm_readv", 0x10e, "pid_t pid", "const struct iovec *lvec", "unsigned long liovcnt", "const struct iovec *rvec", "unsigned long riovcnt", "unsigned long flags"],
[271, "process_vm_writev", 0x10f, "pid_t pid", "const struct iovec *lvec", "unsigned long liovcnt", "const struct iovec *rvec", "unsigned long riovcnt", "unsigned long flags"],
[272, "kcmp", 0x110, "pid_t pid1", "pid_t pid2", "int type", "unsigned long idx1", "unsigned long idx2", "-"],
[273, "finit_module", 0x111, "int fd", "const char *uargs", "int flags", "-", "-", "-"],
[274, "sched_setattr", 0x112, "pid_t pid", "struct sched_attr *attr", "unsigned int flags", "-", "-", "-"],
[275, "sched_getattr", 0x113, "pid_t pid", "struct sched_attr *attr", "unsigned int size", "unsigned int flags", "-", "-"],
[276, "renameat2", 0x114, "int olddfd", "const char *oldname", "int newdfd", "const char *newname", "unsigned int flags", "-"],
[277, "seccomp", 0x115, "unsigned int op", "unsigned int flags", "void *uargs", "-", "-", "-"],
[278, "getrandom", 0x116, "char *buf", "size_t count", "unsigned int flags", "-", "-", "-"],
[279, "memfd_create", 0x117, "const char *uname_ptr", "unsigned int flags", "-", "-", "-", "-"],
[280, "bpf", 0x118, "int cmd", "union bpf_attr *attr", "unsigned int size", "-", "-", "-"],
[281, "execveat", 0x119, "int dfd", "const char *filename", "const char *const *argv", "const char *const *envp", "int flags", "-"],
[282, "userfaultfd", 0x11a, "int flags", "-", "-", "-", "-", "-"],
[283, "membarrier", 0x11b, "int cmd", "int flags", "-", "-", "-", "-"],
[284, "mlock2", 0x11c, "unsigned long start", "size_t len", "int flags", "-", "-", "-"],
[285, "copy_file_range", 0x11d, "int fd_in", "loff_t *off_in", "int fd_out", "loff_t *off_out", "size_t len", "unsigned int flags"],
[286, "preadv2", 0x11e, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos_h", "rwf_t flags"],
[287, "pwritev2", 0x11f, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos_h", "rwf_t flags"],
[288, "pkey_mprotect", 0x120, "unsigned long start", "size_t len", "unsigned long prot", "int pkey", "-", "-"],
[289, "pkey_alloc", 0x121, "unsigned long flags", "unsigned long init_val", "-", "-", "-", "-"],
[290, "pkey_free", 0x122, "int pkey", "-", "-", "-", "-", "-"],
[291, "statx", 0x123, "int dfd", "const char *path", "unsigned flags", "unsigned mask", "struct statx *buffer", "-"]
];

最后編輯于：2023.03.09 18:56:58

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者

人面猴
序言：七十年代末级历，一起剝皮案震驚了整個(gè)濱河市释移，隨后出現(xiàn)的幾起案子，更是在濱河造成了極大的恐慌寥殖，老刑警劉巖玩讳，帶你破解...
沈念sama閱讀 212,383評(píng)論 6贊 493
死咒
序言：濱河連續(xù)發(fā)生了三起死亡事件，死亡現(xiàn)場(chǎng)離奇詭異嚼贡，居然都是意外死亡熏纯，警方通過查閱死者的電腦和手機(jī)，發(fā)現(xiàn)死者居然都...
沈念sama閱讀 90,522評(píng)論 3贊 385
救了他兩次的神仙讓他今天三更去死
文/潘曉璐我一進(jìn)店門粤策，熙熙樓的掌柜王于貴愁眉苦臉地迎上來樟澜，“玉大人，你說我怎么就攤上這事≈确。” “怎么了霹俺？”我有些...
開封第一講書人閱讀 157,852評(píng)論 0贊 348
道士緝兇錄：失蹤的賣姜人
文/不壞的土叔我叫張陵，是天一觀的道長(zhǎng)毒费。經(jīng)常有香客問我丙唧，道長(zhǎng)，這世上最難降的妖魔是什么觅玻？我笑而不...
開封第一講書人閱讀 56,621評(píng)論 1贊 284
?港島之戀（遺憾婚禮）
正文為了忘掉前任想际，我火速辦了婚禮，結(jié)果婚禮上串塑，老公的妹妹穿的比我還像新娘沼琉。我一直安慰自己，他們只是感情好桩匪，可當(dāng)我...
茶點(diǎn)故事閱讀 65,741評(píng)論 6贊 386
惡毒庶女頂嫁案：這布局不是一般人想出來的
文/花漫我一把揭開白布打瘪。她就那樣靜靜地躺著，像睡著了一般傻昙。火紅的嫁衣襯著肌膚如雪闺骚。梳的紋絲不亂的頭發(fā)上，一...
開封第一講書人閱讀 49,929評(píng)論 1贊 290
城市分裂傳說
那天妆档，我揣著相機(jī)與錄音僻爽，去河邊找鬼。笑死贾惦，一個(gè)胖子當(dāng)著我的面吹牛胸梆，可吹牛的內(nèi)容都是我干的。我是一名探鬼主播须板，決...
沈念sama閱讀 39,076評(píng)論 3贊 410
雙鴛鴦連環(huán)套：你想象不到人心有多黑
文/蒼蘭香墨我猛地睜開眼碰镜，長(zhǎng)吁一口氣：“原來是場(chǎng)噩夢(mèng)啊……” “哼！你這毒婦竟也來了习瑰？” 一聲冷哼從身側(cè)響起绪颖，我...
開封第一講書人閱讀 37,803評(píng)論 0贊 268
萬榮殺人案實(shí)錄
序言：老撾萬榮一對(duì)情侶失蹤，失蹤者是張志新（化名）和其女友劉穎甜奄，沒想到半個(gè)月后柠横，有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體，經(jīng)...
沈念sama閱讀 44,265評(píng)論 1贊 303
?護(hù)林員之死
正文獨(dú)居荒郊野嶺守林人離奇死亡课兄，尸身上長(zhǎng)有42處帶血的膿包…… 初始之章·張勛以下內(nèi)容為張勛視角年9月15日...
茶點(diǎn)故事閱讀 36,582評(píng)論 2贊 327
?白月光啟示錄
正文我和宋清朗相戀三年牍氛，在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了。大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片烟阐。...
茶點(diǎn)故事閱讀 38,716評(píng)論 1贊 341
活死人
序言：一個(gè)原本活蹦亂跳的男人離奇死亡搬俊，死狀恐怖，靈堂內(nèi)的尸體忽然破棺而出，到底是詐尸還是另有隱情悠抹，我是刑警寧澤珠月，帶...
沈念sama閱讀 34,395評(píng)論 4贊 333
?日本核電站爆炸內(nèi)幕
正文年R本政府宣布，位于F島的核電站楔敌，受9級(jí)特大地震影響啤挎，放射性物質(zhì)發(fā)生泄漏。R本人自食惡果不足惜卵凑，卻給世界環(huán)境...
茶點(diǎn)故事閱讀 40,039評(píng)論 3贊 316
男人毒藥：我在死后第九天來索命
文/蒙蒙一庆聘、第九天我趴在偏房一處隱蔽的房頂上張望。院中可真熱鬧勺卢，春花似錦伙判、人聲如沸。這莊子的主人今日做“春日...
開封第一講書人閱讀 30,798評(píng)論 0贊 21
一樁弒父案宴抚，背后竟有這般陰謀
文/蒼蘭香墨我抬頭看了看天上的太陽。三九已至甫煞，卻和暖如春菇曲，著一層夾襖步出監(jiān)牢的瞬間，已是汗流浹背抚吠。一陣腳步聲響...
開封第一講書人閱讀 32,027評(píng)論 1贊 266
情欲美人皮
我被黑心中介騙來泰國打工常潮，沒想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留，地道東北人楷力。一個(gè)月前我還...
沈念sama閱讀 46,488評(píng)論 2贊 361
代替公主和親
正文我出身青樓喊式，卻偏偏與公主長(zhǎng)得像，于是被迫代替她去往敵國和親萧朝。傳聞我的和親對(duì)象是個(gè)殘疾皇子岔留，可洞房花燭夜當(dāng)晚...
茶點(diǎn)故事閱讀 43,612評(píng)論 2贊 350

linux seccomp

Android 默認(rèn)配置

對(duì)于一些問題的解釋

推薦閱讀更多精彩內(nèi)容