seccomp-profile.jsonβ’4.66 kB
{
"defaultAction": "SCMP_ACT_ERRNO",
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
}
],
"syscalls": [
{
"names": [
"accept",
"accept4",
"access",
"arch_prctl",
"bind",
"brk",
"chdir",
"chmod",
"chown",
"clock_getres",
"clock_gettime",
"clock_nanosleep",
"clone",
"close",
"connect",
"dup",
"dup2",
"epoll_create",
"epoll_create1",
"epoll_ctl",
"epoll_pwait",
"epoll_wait",
"eventfd",
"eventfd2",
"execve",
"exit",
"exit_group",
"faccessat",
"fchdir",
"fchmod",
"fchown",
"fcntl",
"fdatasync",
"fstat",
"fstatfs",
"fsync",
"ftruncate",
"futex",
"getcwd",
"getdents",
"getdents64",
"getegid",
"geteuid",
"getgid",
"getgroups",
"getpeername",
"getpgrp",
"getpid",
"getppid",
"getpriority",
"getrandom",
"getrlimit",
"getrusage",
"getsid",
"getsockname",
"getsockopt",
"gettid",
"gettimeofday",
"getuid",
"getxattr",
"ioctl",
"kill",
"lchown",
"lseek",
"lstat",
"madvise",
"memfd_create",
"mkdir",
"mmap",
"mprotect",
"mremap",
"munmap",
"nanosleep",
"newfstatat",
"open",
"openat",
"pipe",
"pipe2",
"poll",
"ppoll",
"prctl",
"pread64",
"preadv",
"prlimit64",
"pselect6",
"pwrite64",
"pwritev",
"read",
"readlink",
"readlinkat",
"readv",
"recvfrom",
"recvmsg",
"rename",
"renameat",
"rmdir",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",
"rt_sigreturn",
"rt_sigsuspend",
"rt_sigtimedwait",
"sched_getaffinity",
"sched_yield",
"select",
"sendmsg",
"sendto",
"set_robust_list",
"set_tid_address",
"setgroups",
"setitimer",
"setpriority",
"setsid",
"setsockopt",
"shutdown",
"sigaltstack",
"socket",
"socketpair",
"stat",
"statfs",
"symlink",
"symlinkat",
"tgkill",
"time",
"timerfd_create",
"timerfd_settime",
"times",
"tkill",
"truncate",
"uname",
"unlink",
"unlinkat",
"utime",
"utimensat",
"utimes",
"wait4",
"waitid",
"write",
"writev"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"ptrace",
"perf_event_open",
"bpf",
"userfaultfd",
"process_vm_readv",
"process_vm_writev",
"kcmp",
"add_key",
"keyctl",
"request_key",
"kexec_load",
"kexec_file_load",
"init_module",
"finit_module",
"delete_module",
"ioperm",
"iopl",
"swapon",
"swapoff",
"syslog",
"_sysctl",
"acct",
"reboot",
"set_mempolicy",
"get_mempolicy",
"mbind",
"move_pages",
"migrate_pages",
"mount",
"umount",
"umount2",
"pivot_root",
"chroot",
"unshare",
"setns",
"lookup_dcookie",
"name_to_handle_at",
"open_by_handle_at",
"fanotify_init",
"fanotify_mark",
"settimeofday",
"stime",
"clock_settime",
"clock_adjtime",
"nfsservctl",
"quotactl",
"quotactl_fd"
],
"action": "SCMP_ACT_ERRNO",
"errnoRet": 1,
"comment": "Block dangerous syscalls that could escape sandbox or affect system"
}
],
"comment": "Enhanced seccomp profile for code-executor-mcp - allows necessary syscalls for Node.js, Deno, and Python execution while explicitly blocking dangerous operations (ptrace, bpf, perf_event_open, kernel modules, mount, etc.)"
}