Diffstat (limited to 'code_coverage/seccomp_policy/code_coverage.policy.def')
-rw-r--r--code_coverage/seccomp_policy/code_coverage.policy.def51
1 files changed, 51 insertions, 0 deletions
diff --git a/code_coverage/seccomp_policy/code_coverage.policy.def b/code_coverage/seccomp_policy/code_coverage.policy.def
new file mode 100644
index 0000000000..f136084bcd
--- /dev/null
+++ b/code_coverage/seccomp_policy/code_coverage.policy.def
@@ -0,0 +1,51 @@
+// SECCOMP_MODE_STRICT
+//
+// minijail allowances for code coverage
+// this is processed with generate.sh, so we can use appropriate directives
+// size specific: __LP64__ for 64 bit, else 32 bit
+// arch specific: __arm__, __aarch64__, __i386__, __x86_64__
+
+// includes *all* syscalls used during the coverage dumping
+// no skipping just because they might have been in another policy file.
+
+// coverage tool uses different operations on different passes
+// 1st: uses write() to fill the file
+// 2nd-Nth: uses mmap() to update in place
+
+close: 1
+mkdirat: 1
+msync: 1
+munmap: 1
+openat: 1
+write: 1
+
+#if defined(__LP64__)
+fcntl: 1
+fstat: 1
+geteuid: 1
+lseek: 1
+mmap: 1
+rt_sigreturn: 1
+#else
+fcntl64: 1
+fstat64: 1
+geteuid32: 1
+_llseek: 1
+mmap2: 1
+sigreturn: 1
+#endif
+
+#if defined(__arm__)
+gettimeofday: 1
+#endif
+
+#if defined(__i386__)
+madvise: 1
+#endif
+
+#if defined(__arm__)
+prctl: 1
+#elif defined(__aarch64__)
+prctl: 1
+#endif
+
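Review bot: `mmap: 1` / `mmap2: 1`, `prctl: 1` and `openat: 1` are allowed with no argument constraints, so any sandboxed process whose policy includes this file gets those syscalls in full rather than only what coverage dumping needs. Minijail policy lines accept argument expressions, and the header comment says later passes only update the file in place, so the mapping rules could be narrowed to something like `mmap: arg2 in ~PROT_EXEC` (same for `mmap2`). `prctl` could likewise be pinned to the one option the coverage runtime actually issues, which is not visible in this hunk. The opening `// SECCOMP_MODE_STRICT` comment is also misleading above an allowlist of this size, since strict mode proper permits only read, write, _exit and sigreturn; I would reword or drop it. It would also help to add a comment saying this file is meant to be merged only into coverage-instrumented builds, if that is the intent, and to fold the two `prctl` branches into `#if defined(__arm__) || defined(__aarch64__)`.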