#define __NR_restart_syscall 0
#define __NR_exit 1 *
#define __NR_fork 2 *
#define __NR_read 3 *
#define __NR_write 4 *
#define __NR_open 5 *
#define __NR_close 6 *
#define __NR_waitpid 7 -
#define __NR_creat 8 *
#define __NR_link 9 * [we do not need to check for T_DIR - hardlinks are not allowed for dirs anyway]
#define __NR_unlink 10 *
#define __NR_execve 11 *
#define __NR_chdir 12 *
#define __NR_time 13 *
#define __NR_mknod 14 *
#define __NR_chmod 15 *
#define __NR_lchown 16 *
#define __NR_break 17
#define __NR_oldstat 18
#define __NR_lseek 19 -
#define __NR_getpid 20 -
#define __NR_mount 21 ! [do_loopback(), do_move_mount(), do_remount() are missing. we should take care of them, also reading rsbac attributes dirs when necessary]
#define __NR_umount 22 *
#define __NR_setuid 23 *
#define __NR_getuid 24 -
#define __NR_stime 25 *
#define __NR_ptrace 26 *
#define __NR_alarm 27 -
#define __NR_oldfstat 28
#define __NR_pause 29 -
#define __NR_utime 30 *
#define __NR_stty 31
#define __NR_gtty 32
#define __NR_access 33 *
#define __NR_nice 34 *
#define __NR_ftime 35
#define __NR_sync 36 -
#define __NR_kill 37 *
#define __NR_rename 38 *
#define __NR_mkdir 39 *
#define __NR_rmdir 40 *
#define __NR_dup 41 -
#define __NR_pipe 42 ! [see Interceptions-2.4]
#define __NR_times 43 -
#define __NR_prof 44
#define __NR_brk 45 -
#define __NR_setgid 46 *
#define __NR_getgid 47 -
#define __NR_signal 48 -
#define __NR_geteuid 49 -
#define __NR_getegid 50 -
#define __NR_acct 51 ! [missing in 2.6, _and_ also on intercepted on 2.4 !!]
#define __NR_umount2 52
#define __NR_lock 53
#define __NR_ioctl 54 ! [missing interception - should be fine grained]
#define __NR_fcntl 55 !
[missing interception - should be fine grained]
#define __NR_mpx 56
#define __NR_setpgid 57 *
#define __NR_ulimit 58
#define __NR_oldolduname 59
#define __NR_umask 60 -
#define __NR_chroot 61 *
#define __NR_ustat 62 -
#define __NR_dup2 63 -
#define __NR_getppid 64 -
#define __NR_getpgrp 65 -
#define __NR_setsid 66 -
#define __NR_sigaction 67 -
#define __NR_sgetmask 68 -
#define __NR_ssetmask 69 -
#define __NR_setreuid 70 *
#define __NR_setregid 71 *
#define __NR_sigsuspend 72 -
#define __NR_sigpending 73 -
#define __NR_sethostname 74 *
#define __NR_setrlimit 75 *
#define __NR_getrlimit 76 -
#define __NR_getrusage 77 -
#define __NR_gettimeofday 78 -
#define __NR_settimeofday 79 *
#define __NR_getgroups 80 -
#define __NR_setgroups 81 *
#define __NR_select 82 -
#define __NR_symlink 83 *
#define __NR_oldlstat 84
#define __NR_readlink 85 *
#define __NR_uselib 86 *
#define __NR_swapon 87 *
#define __NR_reboot 88 *
#define __NR_readdir 89
#define __NR_mmap 90 *
#define __NR_munmap 91 -
#define __NR_truncate 92 *
#define __NR_ftruncate 93 *
#define __NR_fchmod 94 *
#define __NR_fchown 95 *
#define __NR_getpriority 96 -
#define __NR_setpriority 97 *
#define __NR_profil 98
#define __NR_statfs 99 *
#define __NR_fstatfs 100 *
#define __NR_ioperm 101 *
#define __NR_socketcall 102 ! [missing interception]
#define __NR_syslog 103 *
#define __NR_setitimer 104 -
#define __NR_getitimer 105 -
#define __NR_stat 106 *
#define __NR_lstat 107 *
#define __NR_fstat 108 *
#define __NR_olduname 109 -
#define __NR_iopl 110 *
#define __NR_vhangup 111
#define __NR_idle 112
#define __NR_vm86old 113
#define __NR_wait4 114 -
#define __NR_swapoff 115 *
#define __NR_sysinfo 116 -
#define __NR_ipc 117 !
[missing interception]
#define __NR_fsync 118 -
#define __NR_sigreturn 119 -
#define __NR_clone 120 *
#define __NR_setdomainname 121 *
#define __NR_uname 122 -
#define __NR_modify_ldt 123
#define __NR_adjtimex 124 *
#define __NR_mprotect 125 *
#define __NR_sigprocmask 126 -
#define __NR_create_module 127
#define __NR_init_module 128 *
#define __NR_delete_module 129
#define __NR_get_kernel_syms 130
#define __NR_quotactl 131 ! [missing interception]
#define __NR_getpgid 132 -
#define __NR_fchdir 133 *
#define __NR_bdflush 134 -
#define __NR_sysfs 135 -
#define __NR_personality 136 ? [what about it]
#define __NR_afs_syscall 137
#define __NR_setfsuid 138 *
#define __NR_setfsgid 139 *
#define __NR__llseek 140 -
#define __NR_getdents 141 ! [missing interception - should be in vfs_readdir]
#define __NR__newselect 142 -
#define __NR_flock 143 -
#define __NR_msync 144 -
#define __NR_readv 145 *
#define __NR_writev 146 *
#define __NR_getsid 147 *
#define __NR_fdatasync 148 -
#define __NR__sysctl 149 ! [missing interception]
#define __NR_mlock 150 ? [to care or not to care. this is a question !]
#define __NR_munlock 151 ? [see above]
#define __NR_mlockall 152 ? [see above]
#define __NR_munlockall 153 ? [see above]
#define __NR_sched_setparam 154 ! [missing interception]
#define __NR_sched_getparam 155 -
#define __NR_sched_setscheduler 156 ! [missing interception]
#define __NR_sched_getscheduler 157 -
#define __NR_sched_yield 158 -
#define __NR_sched_get_priority_max 159 -
#define __NR_sched_get_priority_min 160 -
#define __NR_sched_rr_get_interval 161 -
#define __NR_nanosleep 162 -
#define __NR_mremap 163 -
#define __NR_setresuid 164 *
#define __NR_getresuid 165 -
#define __NR_vm86 166
#define __NR_query_module 167 ! [intercepted on 2.4, not found on 2.6]
#define __NR_poll 168
#define __NR_nfsservctl 169 !
[missing interception]
#define __NR_setresgid 170 *
#define __NR_getresgid 171 -
#define __NR_prctl 172 -
#define __NR_rt_sigreturn 173 -
#define __NR_rt_sigaction 174 -
#define __NR_rt_sigprocmask 175 -
#define __NR_rt_sigpending 176 -
#define __NR_rt_sigtimedwait 177 -
#define __NR_rt_sigqueueinfo 178 -
#define __NR_rt_sigsuspend 179 -
#define __NR_pread64 180 *
#define __NR_pwrite64 181 *
#define __NR_chown 182 *
#define __NR_getcwd 183 -
#define __NR_capget 184 *
#define __NR_capset 185 *
#define __NR_sigaltstack 186 -
#define __NR_sendfile 187 *
#define __NR_getpmsg 188
#define __NR_putpmsg 189
#define __NR_vfork 190 *
#define __NR_ugetrlimit 191 -
#define __NR_mmap2 192 *
#define __NR_truncate64 193 *
#define __NR_ftruncate64 194 *
#define __NR_stat64 195 * [vfs_stat() seems to be ok, but there is also cp_new_stat()/cp_new_stat64()]
#define __NR_lstat64 196 *
#define __NR_fstat64 197 *
#define __NR_lchown32 198 *
#define __NR_getuid32 199 -
#define __NR_getgid32 200 -
#define __NR_geteuid32 201 -
#define __NR_getegid32 202 -
#define __NR_setreuid32 203
#define __NR_setregid32 204
#define __NR_getgroups32 205 -
#define __NR_setgroups32 206
#define __NR_fchown32 207
#define __NR_setresuid32 208
#define __NR_getresuid32 209 -
#define __NR_setresgid32 210
#define __NR_getresgid32 211 -
#define __NR_chown32 212
#define __NR_setuid32 213
#define __NR_setgid32 214
#define __NR_setfsuid32 215
#define __NR_setfsgid32 216
#define __NR_pivot_root 217 *
#define __NR_mincore 218 ? [not intercepted - i do not think it is necessary though]
#define __NR_madvise 219 ? [not intercepted - maybe this one should be]
#define __NR_madvise1 219
#define __NR_getdents64 220 ! [same as sys_getdents()]
#define __NR_fcntl64 221 ! [same as sys_fcntl()]
/* 223 is unused */
#define __NR_gettid 224 ? [not intercepted, rather no need to]
#define __NR_readahead 225 ? [not intercepted - shall we ?]
#define __NR_setxattr 226 ? [do we care about xattr ?]
#define __NR_lsetxattr 227 ?
[see above]
#define __NR_fsetxattr 228 ? [see above]
#define __NR_getxattr 229 ? [see above]
#define __NR_lgetxattr 230 ? [see above]
#define __NR_fgetxattr 231 ? [see above]
#define __NR_listxattr 232 ? [see above]
#define __NR_llistxattr 233 ? [see above]
#define __NR_flistxattr 234 ? [see above]
#define __NR_removexattr 235 ? [see above]
#define __NR_lremovexattr 236 ? [see above]
#define __NR_fremovexattr 237 ? [see above]
#define __NR_tkill 238 *
#define __NR_sendfile64 239 *
#define __NR_futex 240 ! [multiplexer - check it out]
#define __NR_sched_setaffinity 241 ! [not intercepted - shall we ?]
#define __NR_sched_getaffinity 242 ! [not intercepted, there is no need to]
#define __NR_set_thread_area 243
#define __NR_get_thread_area 244
#define __NR_io_setup 245 ? [not intercepted - wtf is it ?]
#define __NR_io_destroy 246 [see above]
#define __NR_io_getevents 247 [see above]
#define __NR_io_submit 248 [see above]
#define __NR_io_cancel 249 [see above]
#define __NR_fadvise64 250 ? [not intercepted - don't ask me what the heck it is]
#define __NR_exit_group 252 ? [not intercepted - should be treated like sys_exit() ?]
#define __NR_lookup_dcookie 253 ? [not intercepted - not necessary]
#define __NR_epoll_create 254 ? [do we care about epoll ?]
#define __NR_epoll_ctl 255 ? [see above]
#define __NR_epoll_wait 256 ? [see above]
#define __NR_remap_file_pages 257 ? [not intercepted - may be dangerous ?]
#define __NR_set_tid_address 258 ? [not intercepted - no need to]
#define __NR_timer_create 259 ? [not intercepted - no need to ?]
#define __NR_timer_settime ? [see above]
#define __NR_timer_gettime ? [see above]
#define __NR_timer_getoverrun ? [see above]
#define __NR_timer_delete ? [see above]
#define __NR_clock_settime *
#define __NR_clock_gettime -
#define __NR_clock_getres -
#define __NR_clock_nanosleep -
#define __NR_statfs64 268 *
#define __NR_fstatfs64 269 *
#define __NR_tgkill 270 *
#define __NR_utimes 271 *
#define __NR_fadvise64_64 272 ?
[not intercepted - look at fadvise above]
#define __NR_vserver 273 - [reservation for friendly project]
#define __NR_mbind 274 ? [not intercepted - i am boring, but will ask once more - what the heck ? (memory allocation policy stuff ?)]
#define __NR_get_mempolicy 275 ? [see above]
#define __NR_set_mempolicy 276 ? [see above]
#define __NR_mq_open 277 ? [message queues - i think that may be security relevant]
#define __NR_mq_unlink ? [see above]
#define __NR_mq_timedsend ? [see above]
#define __NR_mq_timedreceive ? [see above]
#define __NR_mq_notify ? [see above]
#define __NR_mq_getsetattr ? [see above]
#define __NR_sys_kexec_load 283 ! [not found, but kexec is very dangerous - should immediately be taken care of]
#define __NR_waitid 284 ? [not intercepted, probably no need to]
/* #define __NR_sys_setaltroot 285 ? [if any day it will come out from deep shadows we will be playing with it hard] */
#define __NR_add_key 286 ? [key infrastructure recently hit kernels, another redhat (read: stupid, wasteful and security risky) idea ?]
#define __NR_request_key 287 ? [see above]
#define __NR_keyctl 288 ? [see above]