From 39f005f82e3c5daaa2b0f73a30322e1646992a38 Mon Sep 17 00:00:00 2001
From: Fred Chasen <fchasen@gmail.com>
Date: Fri, 25 Oct 2019 11:51:13 -0700
Subject: [PATCH] Add Dockerfile
---
Dockerfile | 85 +++
README.md | 11 +-
docker-font.conf | 13 +
package-lock.json | 2 +-
seccomp.json | 1535 +++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 1644 insertions(+), 2 deletions(-)
create mode 100644 Dockerfile
create mode 100644 docker-font.conf
create mode 100644 seccomp.json
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..df1c746
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,85 @@
+FROM node:10-stretch
+
+# Application parameters and variables
+ENV NODE_ENV=development
+ENV PORT=9090
+ENV DIRECTORY /home/node/pagedjs-cli
+
+# Configuration for Chrome
+ENV CONNECTION_TIMEOUT=60000
+ENV CHROME_PATH=/usr/bin/google-chrome
+
+# Configuration for GS4JS
+ENV GS4JS_HOME=/usr/lib/x86_64-linux-gnu
+
+# Install ghostscript
+RUN apt-get update && \
+ apt-get install -y build-essential make gcc g++ && \
+ apt-get -y install ghostscript && apt-get clean && \
+ apt-get install -y libgs-dev && \
+ rm -rf /var/lib/apt/lists/*
+
+# See https://crbug.com/795759
+RUN apt-get update && apt-get install -yq libgconf-2-4
+
+# Update Freetype
+COPY docker-font.conf /etc/fonts/local.conf
+ENV FREETYPE_PROPERTIES="truetype:interpreter-version=35"
+RUN apt-get update \
+ && sh -c 'echo "deb http://http.us.debian.org/debian stable main contrib non-free" >> /etc/apt/sources.list' \
+ && apt-get update \
+ && apt-get install -y ttf-mscorefonts-installer \
+ --no-install-recommends \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install latest chrome dev package and fonts to support major charsets (Chinese, Japanese, Arabic, Hebrew, Thai and a few others)
+# Note: this installs the necessary libs to make the bundled version of Chromium that Puppeteer
+# installs, work.
+RUN apt-get update && apt-get install -y wget --no-install-recommends \
+ && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
+ && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome-unstable.list' \
+ && apt-get update \
+ && apt-get install -y google-chrome-unstable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst ttf-freefont \
+ --no-install-recommends \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get purge --auto-remove -y curl \
+ && rm -rf /src/*.deb
+
+# helps prevent zombie chrome processes.
+ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init
+RUN chmod +x /usr/local/bin/dumb-init
+
+RUN apt-get update && \
+ apt-get install -y vim && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN npm install npm@latest -g
+RUN npm install -g node-gyp
+
+RUN mkdir -p $DIRECTORY
+
+# Add user so we don't need --no-sandbox.
+# RUN groupadd -r node && useradd -r -g node -G audio,video node \
+RUN adduser node audio \
+ && adduser node video \
+ && mkdir -p /home/node/Downloads \
+ && chown -R node:node /home/node \
+ && chown -R node:node /usr/lib \
+ && chown -R node:node $DIRECTORY
+
+# Run everything after as non-privileged user.
+USER node
+
+WORKDIR $DIRECTORY
+
+COPY --chown=node:node package.json $DIRECTORY
+RUN npm install
+RUN npm install ghostscript4js
+
+COPY --chown=node:node . $DIRECTORY
+
+EXPOSE $PORT
+
+ENTRYPOINT ["dumb-init", "--"]
+
+CMD ["./bin/paged"]
diff --git a/README.md b/README.md
index 945fed1..996511b 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,15 @@ mocha
```
## Docker
+
+Build the Docker image
+
+```bash
+docker build -t pagedmedia/pagedjs-cli .
+```
+
+Run the Docker image
+
```bash
-docker run -it -P -v $(pwd):/usr/src/pagedjs-cli fchasen/pagedjs-cli bash
+docker run -it --security-opt 'seccomp=seccomp.json' pagedmedia/pagedjs-cli bash
```
diff --git a/docker-font.conf b/docker-font.conf
new file mode 100644
index 0000000..4a67e84
--- /dev/null
+++ b/docker-font.conf
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <match target="font">
+ <edit name="antialias" mode="assign"><bool>true</bool></edit>
+ </match>
+ <match target="font">
+ <edit name="hintstyle" mode="assign"><const>hintnone</const></edit>
+ </match>
+ <match target="font">
+ <edit mode="assign" name="hinting"><bool>false</bool></edit>
+ </match>
+</fontconfig>
diff --git a/package-lock.json b/package-lock.json
index 9105d51..1f71e8d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "pagedjs-cli",
- "version": "0.0.8",
+ "version": "0.0.9",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
diff --git a/seccomp.json b/seccomp.json
new file mode 100644
index 0000000..e5b0f2d
--- /dev/null
+++ b/seccomp.json
@@ -0,0 +1,1535 @@
+{
+ "defaultAction": "SCMP_ACT_ERRNO",
+ "syscalls": [
+ {
+ "name": "accept",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "accept4",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "access",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "alarm",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "arch_prctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "bind",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "brk",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "capget",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "capset",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "chdir",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "chmod",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "chown",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "chown32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "chroot",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "clock_getres",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "clock_gettime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "clock_nanosleep",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "clone",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "close",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "connect",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "creat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "dup",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "dup2",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "dup3",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_create",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_create1",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_ctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_ctl_old",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_pwait",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_wait",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "epoll_wait_old",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "eventfd",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "eventfd2",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "execve",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "execveat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "exit",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "exit_group",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "faccessat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fadvise64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fadvise64_64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fallocate",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fanotify_init",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fanotify_mark",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchdir",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchmod",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchmodat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchown",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchown32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fchownat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fcntl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fcntl64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fdatasync",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fgetxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "flistxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "flock",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fork",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fremovexattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fsetxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fstat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fstat64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fstatat64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fstatfs",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fstatfs64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "fsync",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ftruncate",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ftruncate64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "futex",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "futimesat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getcpu",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getcwd",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getdents",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getdents64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getegid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getegid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "geteuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "geteuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getgid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getgroups",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getgroups32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getitimer",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getpeername",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getpgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getpgrp",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getpid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getppid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getpriority",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getrandom",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getresgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getresgid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getresuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getresuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getrlimit",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "get_robust_list",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getrusage",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getsid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getsockname",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getsockopt",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "get_thread_area",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "gettid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "gettimeofday",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "getxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "inotify_add_watch",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "inotify_init",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "inotify_init1",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "inotify_rm_watch",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "io_cancel",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ioctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "io_destroy",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "io_getevents",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ioprio_get",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ioprio_set",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "io_setup",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "io_submit",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "kill",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lchown",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lchown32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lgetxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "link",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "linkat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "listen",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "listxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "llistxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "_llseek",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lremovexattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lseek",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lsetxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lstat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "lstat64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "madvise",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "memfd_create",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mincore",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mkdir",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mkdirat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mknod",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mknodat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mlock",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mlockall",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mmap",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mmap2",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mprotect",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_getsetattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_notify",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_open",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_timedreceive",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_timedsend",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mq_unlink",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "mremap",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "msgctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "msgget",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "msgrcv",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "msgsnd",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "msync",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "munlock",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "munlockall",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "munmap",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "name_to_handle_at",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "nanosleep",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "newfstatat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "_newselect",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "open",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "open_by_handle_at",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "openat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pause",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pipe",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pipe2",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "poll",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ppoll",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "prctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pread64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "preadv",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "prlimit64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pselect6",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pwrite64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "pwritev",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "read",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "readahead",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "readlink",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "readlinkat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "readv",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "recvfrom",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "recvmmsg",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "recvmsg",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "remap_file_pages",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "removexattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rename",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "renameat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "renameat2",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rmdir",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigaction",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigpending",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigprocmask",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigqueueinfo",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigreturn",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigsuspend",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_sigtimedwait",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "rt_tgsigqueueinfo",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_getaffinity",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_getattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_getparam",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_get_priority_max",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_get_priority_min",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_getscheduler",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_rr_get_interval",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_setaffinity",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_setattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_setparam",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_setscheduler",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sched_yield",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "seccomp",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "select",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "semctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "semget",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "semop",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "semtimedop",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sendfile",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sendfile64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sendmmsg",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sendmsg",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sendto",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setdomainname",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setfsgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setfsgid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setfsuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setfsuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setgid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setgroups",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setgroups32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sethostname",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setitimer",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setns",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setpgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setpriority",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setregid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setregid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setresgid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setresgid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setresuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setresuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setreuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setreuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setrlimit",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "set_robust_list",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setsid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setsockopt",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "set_thread_area",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "set_tid_address",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setuid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setuid32",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "setxattr",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "shmat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "shmctl",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "shmdt",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "shmget",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "shutdown",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sigaltstack",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "signalfd",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "signalfd4",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "socket",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "socketpair",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "splice",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "stat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "stat64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "statfs",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "statfs64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "symlink",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "symlinkat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sync",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sync_file_range",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "syncfs",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "sysinfo",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "syslog",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "tee",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "tgkill",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "time",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timer_create",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timer_delete",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timerfd_create",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timerfd_gettime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timerfd_settime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timer_getoverrun",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timer_gettime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "timer_settime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "times",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "tkill",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "truncate",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "truncate64",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "ugetrlimit",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "umask",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "uname",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "unlink",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "unlinkat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "unshare",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "utime",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "utimensat",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "utimes",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "vfork",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "vhangup",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "vmsplice",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "wait4",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "waitid",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "write",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ },
+ {
+ "name": "writev",
+ "action": "SCMP_ACT_ALLOW",
+ "args": null
+ }
+ ]
+}
--
GitLab