From 2d52e292b216e4a74742b7db7cdac7456230bb82 Mon Sep 17 00:00:00 2001
From: dma
Date: Sun, 19 Jul 2015 00:28:17 -0400
Subject: [PATCH] Experimental seccomp blacklist profiles.
---
profiles/evince-blacklist.seccomp | 38 ++++++++++++++++++++++++++++++
profiles/generic-blacklist.seccomp | 38 ++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 profiles/evince-blacklist.seccomp
create mode 100644 profiles/generic-blacklist.seccomp
diff --git a/profiles/evince-blacklist.seccomp b/profiles/evince-blacklist.seccomp
new file mode 100644
index 0000000..a227141
--- /dev/null
+++ b/profiles/evince-blacklist.seccomp
@@ -0,0 +1,38 @@
+acct: 1
+add_key: 1
+delete_module: 1
+finit_module: 1
+get_mempolicy: 1
+get_robust_list: 1
+init_module: 1
+io_cancel: 1
+io_destroy: 1
+io_getevents: 1
+ioperm: 1
+iopl: 1
+io_setup: 1
+kexec_load: 1
+keyctl: 1
+mbind: 1
+migrate_pages: 1
+modify_ldt: 1
+mount: 1
+move_pages: 1
+open_by_handle_at: 1
+perf_event_open: 1
+personality: 1
+pivot_root: 1
+ptrace: 1
+quotactl: 1
+remap_file_pages: 1
+request_key: 1
+set_mempolicy: 1
+#set_robust_list: 1
+set_thread_area: 1
+swapoff: 1
+swapon: 1
+syslog: 1
+umount2: 1
+unshare: 1
+uselib: 1
+vmsplice: 1
diff --git a/profiles/generic-blacklist.seccomp b/profiles/generic-blacklist.seccomp
new file mode 100644
index 0000000..a120a3e
--- /dev/null
+++ b/profiles/generic-blacklist.seccomp
@@ -0,0 +1,38 @@
+acct: 1
+add_key: 1
+delete_module: 1
+finit_module: 1
+get_mempolicy: 1
+get_robust_list: 1
+init_module: 1
+io_cancel: 1
+io_destroy: 1
+io_getevents: 1
+ioperm: 1
+iopl: 1
+io_setup: 1
+kexec_load: 1
+keyctl: 1
+mbind: 1
+migrate_pages: 1
+modify_ldt: 1
+mount: 1
+move_pages: 1
+open_by_handle_at: 1
+perf_event_open: 1
+personality: 1
+pivot_root: 1
+ptrace: 1
+quotactl: 1
+remap_file_pages: 1
+request_key: 1
+set_mempolicy: 1
+set_robust_list: 1
+set_thread_area: 1
+swapoff: 1
+swapon: 1
+syslog: 1
+umount2: 1
+unshare: 1
+uselib: 1
+vmsplice: 1
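Review bot: The deny list in profiles/evince-blacklist.seccomp names `kexec_load`, `ptrace` and `unshare` but not their close siblings, so the same kernel functionality stays reachable through calls the profile does not list. Consider adding `kexec_file_load: 1`, `process_vm_readv: 1` and `process_vm_writev: 1`; `setns` and `name_to_handle_at` are candidates too, and `clone` with namespace flags cannot be covered by a name-only entry at all, assuming this format has no argument filter. The same list is repeated in profiles/generic-blacklist.seccomp, so the additions apply there as well. A header comment stating that every listed call is denied and what the `1` value selects would help, since neither is evident from the file.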
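Review bot: `set_robust_list: 1` is active in profiles/generic-blacklist.seccomp, while the evince profile has the same entry commented out and neither file says why. glibc issues set_robust_list while setting up threads, so a threaded program started under the generic profile would probably hit this rule; what happens then depends on the action the loader applies to a match, which is not visible in this patch. If the entry was disabled for evince for that reason, the generic profile likely needs the same treatment, with a comment such as `# set_robust_list: called by glibc during thread setup, left allowed`.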