crosvm/seccomp/x86_64/fs_device.policy

# Copyright 2019 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

@include /usr/share/policy/crosvm/common_device.policy

copy_file_range: 1
fallocate: 1
fchdir: 1
fchmod: 1
fchmodat: 1
fchown: 1
fchownat: 1
fdatasync: 1
fgetxattr: 1
getxattr: 1
fsetxattr: 1
setxattr: 1
flistxattr: 1
listxattr: 1
fremovexattr: 1
removexattr: 1
fstatfs: 1
fsync: 1
ftruncate: 1
getdents64: 1
getegid: 1
geteuid: 1
getrandom: 1
ioctl: arg1 == FS_IOC_FSGETXATTR || \
       arg1 == FS_IOC_FSSETXATTR || \
       arg1 == FS_IOC_GETFLAGS || \
       arg1 == FS_IOC_SETFLAGS || \
       arg1 == FS_IOC_GET_ENCRYPTION_POLICY_EX
linkat: 1
lseek: 1
mkdir: 1
mkdirat: 1
mknodat: 1
newfstatat: 1
open: return ENOENT
openat: 1
preadv: 1
pwritev: 1
readlinkat: 1
renameat2: 1
setresgid: 1
setresuid: 1
symlinkat: 1
statx: 1
umask: 1
unlinkat: 1
utimensat: 1
prctl: arg0 == PR_SET_SECUREBITS || arg0 == PR_GET_SECUREBITS
capget: 1
capset: 1
fcntl: 1