From 122e2fd1713b47d28c6a140cf279a7a3bf0c176a Mon Sep 17 00:00:00 2001
From: dma
Date: Sun, 12 Jul 2015 16:44:42 -0400
Subject: [PATCH] Testing: updated profile for evince with example seccomp whitelist policy.

---
 profiles/evince-whitelist.seccomp | 93 +++++++++++++++++++++++++++++++
 profiles/evince.json | 8 +++
 2 files changed, 101 insertions(+)
 create mode 100644 profiles/evince-whitelist.seccomp

diff --git a/profiles/evince-whitelist.seccomp b/profiles/evince-whitelist.seccomp
new file mode 100644
index 0000000..740692b
--- /dev/null
+++ b/profiles/evince-whitelist.seccomp
@@ -0,0 +1,93 @@
+tgkill: 1
+getpid: 1
+bind: 1
+setsockopt: 1
+lchown: 1
+rmdir: 1
+listxattr: 1
+utimes: 1
+getrusage: 1
+splice: 1
+flistxattr: 1
+fadvise64: 1
+readlink: 1
+pread64: 1
+fsync: 1
+getcwd: 1
+fallocate: 1
+chdir: 1
+shmdt: 1
+shmctl: 1
+shmat: 1
+shmget: 1
+inotify_rm_watch: 1
+pwrite64: 1
+rename: 1
+unlink: 1
+link: 1
+chmod: 1
+fstatfs: 1
+mkdir: 1
+exit: 1
+inotify_add_watch: 1
+madvise: 1
+inotify_init1: 1
+prctl: 1
+getegid: 1
+pipe2: 1
+sendmsg: 1
+sendto: 1
+geteuid: 1
+mremap: 1
+getuid: 1
+shutdown: 1
+recvmsg: 1
+recvfrom: 1
+eventfd2: 1
+writev: 1
+dup2 :1
+wait4: 1
+poll: 1
+fcntl: 1
+pipe: 1
+getsockname: 1
+uname: 1
+getpeername: 1
+getresgid: 1
+getresuid: 1
+select: 1
+clock_getres: 1
+access: 1
+arch_prctl: 1
+brk: 1
+clone: 1
+close: 1
+connect: 1
+execve: 1
+exit_group: 1
+fstat: 1
+futex: 1
+getdents: 1
+getrlimit: 1
+getxattr: 1
+ioctl: 1
+lgetxattr: 1
+lseek: 1
+lstat: 1
+mincore: 1
+mmap: 1
+mprotect: 1
+munmap: 1
+open: 1
+openat: 1
+read: 1
+rt_sigaction: 1
+rt_sigprocmask: 1
+sched_getaffinity: 1
+set_robust_list: 1
+set_tid_address: 1
+sigaltstack: 1
+socket: 1
+stat: 1
+statfs: 1
+write: 1
diff --git a/profiles/evince.json b/profiles/evince.json
index 8996dba..9ac3c95 100644
--- a/profiles/evince.json
+++ b/profiles/evince.json
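Review bot: `dup2 :1` in the middle of the new policy has a space before the colon while every other entry is written `name: 1`; if the policy loader keys on the exact `name:` token this line may be rejected or silently skipped, leaving dup2 outside the whitelist, so it should read `dup2: 1`. The file also carries no comment saying what the `1` action value means or how the list was produced; a short header such as `# 1 = allow; generated from <placeholder: trace method>` would let a later reviewer judge whether unrestricted entries like `execve`, `clone`, `prctl`, `socket`, `bind` and `connect` are still needed, since an allow-all on those widens what a compromised viewer can do. Whether the policy format accepts comment lines is not visible from this patch, so confirm before adding one.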
@@ -15,9 +15,17 @@
 "type":"empty"
 }
 , "whitelist": [
+ {"path":"/var/lib/oz/cells.d/evince.json"}
+ , {"path":"/var/lib/oz/cells.d/evince-whitelist.seccomp"}
 ]
 , "blacklist": [
 ]
 , "environment": [
 ]
+, "seccomp": {
+ "mode":"whitelist"
+ , "enforce": true
+ , "seccomp_whitelist":"/var/lib/oz/cells.d/evince-whitelist.seccomp"
+ , "seccomp_blacklist":""
+ }
 }
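Review bot: The two new whitelist entries expose the cell's own profile and seccomp policy to the confined process with no read-only marking, so unless whitelisted paths are read-only by default in this format, a compromised evince could rewrite the policy that governs its next launch; if the entry schema has a read-only option both entries should carry it, otherwise the policy should be read from outside the cell rather than whitelisted into it. In the `seccomp` object, `"seccomp_blacklist":""` is an empty-string placeholder for a key that is unused under `"mode":"whitelist"`; omitting it, or using `null` if the loader accepts that, avoids a consumer treating `""` as a real path. The enclosing profile object begins before this hunk.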