System calls allowed by CodeSafe 5 SEE machines

SEE machines are restricted to a subset of Linux system calls they can execute.

Attempting to execute any other system call will return -1 and set errno to ENOSYS.

Allowed system calls
1 __NR_exit	2 __NR_fork
3 __NR_read	4 __NR_write
5 __NR_open	6 __NR_close
7 __NR_waitpid	8 __NR_creat
9 __NR_link	10 __NR_unlink
11 __NR_execve	12 __NR_chdir
13 __NR_time	15 __NR_chmod
16 __NR_lchown	19 __NR_lseek
20 __NR_getpid	24 __NR_getuid
27 __NR_alarm	29 __NR_pause
30 __NR_utime	33 __NR_access
34 __NR_nice	36 __NR_sync
37 __NR_kill	38 __NR_rename
39 __NR_mkdir	40 __NR_rmdir
41 __NR_dup	42 __NR_pipe
43 __NR_times	45 __NR_brk
47 __NR_getgid	49 __NR_geteuid
50 __NR_getegid	54 __NR_ioctl
55 __NR_fcntl	57 __NR_setpgid
60 __NR_umask	63 __NR_dup2
64 __NR_getppid	65 __NR_getpgrp
66 __NR_setsid	75 __NR_setrlimit
77 __NR_getrusage	78 __NR_gettimeofday
80 __NR_getgroups	83 __NR_symlink
85 __NR_readlink	88 __NR_reboot
90 __NR_mmap	91 __NR_munmap
92 __NR_truncate	93 __NR_ftruncate
94 __NR_fchmod	95 __NR_fchown
96 __NR_getpriority	97 __NR_setpriority
99 __NR_statfs	100 __NR_fstatfs
102 __NR_socketcall	104 __NR_setitimer
105 __NR_getitimer	106 __NR_stat
107 __NR_lstat	108 __NR_fstat
114 __NR_wait4	117 __NR_ipc
118 __NR_fsync	120 __NR_clone
122 __NR_uname	125 __NR_mprotect
132 __NR_getpgid	133 __NR_fchdir
140 __NR__llseek	141 __NR_getdents
142 __NR__newselect	143 __NR_flock
144 __NR_msync	145 __NR_readv
146 __NR_writev	147 __NR_getsid
148 __NR_fdatasync	158 __NR_sched_yield
162 __NR_nanosleep	163 __NR_mremap
167 __NR_poll	172 __NR_rt_sigreturn
173 __NR_rt_sigaction	174 __NR_rt_sigprocmask
175 __NR_rt_sigpending	176 __NR_rt_sigtimedwait
177 __NR_rt_sigqueueinfo	178 __NR_rt_sigsuspend
179 __NR_pread64	180 __NR_pwrite64
181 __NR_chown	182 __NR_getcwd
185 __NR_sigaltstack	186 __NR_sendfile
190 __NR_ugetrlimit	202 __NR_getdents64
205 __NR_madvise	207 __NR_gettid
208 __NR_tkill	221 __NR_futex
232 __NR_set_tid_address	234 __NR_exit_group
236 __NR_epoll_create	237 __NR_epoll_ctl
238 __NR_epoll_wait	246 __NR_clock_gettime
247 __NR_clock_getres	248 __NR_clock_nanosleep
250 __NR_tgkill	251 __NR_utimes
252 __NR_statfs64	253 __NR_fstatfs64
272 __NR_waitid	280 __NR_pselect6
281 __NR_ppoll	286 __NR_openat
287 __NR_mkdirat	289 __NR_fchownat
291 __NR_newfstatat	292 __NR_unlinkat
293 __NR_renameat	294 __NR_linkat
295 __NR_symlinkat	296 __NR_readlinkat
297 __NR_fchmodat	298 __NR_faccessat
303 __NR_epoll_pwait	304 __NR_utimensat
307 __NR_eventfd	309 __NR_fallocate
315 __NR_epoll_create1	316 __NR_dup3
317 __NR_pipe2	320 __NR_preadv
321 __NR_pwritev	322 __NR_rt_tgsigqueueinfo
325 __NR_prlimit64	326 __NR_socket
327 __NR_bind	328 __NR_connect
329 __NR_listen	330 __NR_accept
331 __NR_getsockname	332 __NR_getpeername
333 __NR_socketpair	334 __NR_send
335 __NR_sendto	336 __NR_recv
337 __NR_recvfrom	338 __NR_shutdown
339 __NR_setsockopt	340 __NR_getsockopt
341 __NR_sendmsg	342 __NR_recvmsg
343 __NR_recvmmsg	344 __NR_accept4
348 __NR_syncfs	349 __NR_sendmmsg
357 __NR_renameat2	362 __NR_execveat
365 __NR_membarrier	380 __NR_preadv2
381 __NR_pwritev2	383 __NR_statx

Allowed system calls

1 __NR_exit

2 __NR_fork

3 __NR_read

4 __NR_write

5 __NR_open

6 __NR_close

7 __NR_waitpid

8 __NR_creat

9 __NR_link

10 __NR_unlink

11 __NR_execve

12 __NR_chdir

13 __NR_time

15 __NR_chmod

16 __NR_lchown

19 __NR_lseek

20 __NR_getpid

24 __NR_getuid

27 __NR_alarm

29 __NR_pause

30 __NR_utime

33 __NR_access

34 __NR_nice

36 __NR_sync

37 __NR_kill

38 __NR_rename

39 __NR_mkdir

40 __NR_rmdir

41 __NR_dup

42 __NR_pipe

43 __NR_times

45 __NR_brk

47 __NR_getgid

49 __NR_geteuid

50 __NR_getegid

54 __NR_ioctl

55 __NR_fcntl

57 __NR_setpgid

60 __NR_umask

63 __NR_dup2

64 __NR_getppid

65 __NR_getpgrp

66 __NR_setsid

75 __NR_setrlimit

77 __NR_getrusage

78 __NR_gettimeofday

80 __NR_getgroups

83 __NR_symlink

85 __NR_readlink

88 __NR_reboot

90 __NR_mmap

91 __NR_munmap

92 __NR_truncate

93 __NR_ftruncate

94 __NR_fchmod

95 __NR_fchown

96 __NR_getpriority

97 __NR_setpriority

99 __NR_statfs

100 __NR_fstatfs

102 __NR_socketcall

104 __NR_setitimer

105 __NR_getitimer

106 __NR_stat

107 __NR_lstat

108 __NR_fstat

114 __NR_wait4

117 __NR_ipc

118 __NR_fsync

120 __NR_clone

122 __NR_uname

125 __NR_mprotect

132 __NR_getpgid

133 __NR_fchdir

140 __NR__llseek

141 __NR_getdents

142 __NR__newselect

143 __NR_flock

144 __NR_msync

145 __NR_readv

146 __NR_writev

147 __NR_getsid

148 __NR_fdatasync

158 __NR_sched_yield

162 __NR_nanosleep

163 __NR_mremap

167 __NR_poll

172 __NR_rt_sigreturn

173 __NR_rt_sigaction

174 __NR_rt_sigprocmask

175 __NR_rt_sigpending

176 __NR_rt_sigtimedwait

177 __NR_rt_sigqueueinfo

178 __NR_rt_sigsuspend

179 __NR_pread64

180 __NR_pwrite64

181 __NR_chown

182 __NR_getcwd

185 __NR_sigaltstack

186 __NR_sendfile

190 __NR_ugetrlimit

202 __NR_getdents64

205 __NR_madvise

207 __NR_gettid

208 __NR_tkill

221 __NR_futex

232 __NR_set_tid_address

234 __NR_exit_group

236 __NR_epoll_create

237 __NR_epoll_ctl

238 __NR_epoll_wait

246 __NR_clock_gettime

247 __NR_clock_getres

248 __NR_clock_nanosleep

250 __NR_tgkill

251 __NR_utimes

252 __NR_statfs64

253 __NR_fstatfs64

272 __NR_waitid

280 __NR_pselect6

281 __NR_ppoll

286 __NR_openat

287 __NR_mkdirat

289 __NR_fchownat

291 __NR_newfstatat

292 __NR_unlinkat

293 __NR_renameat

294 __NR_linkat

295 __NR_symlinkat

296 __NR_readlinkat

297 __NR_fchmodat

298 __NR_faccessat

303 __NR_epoll_pwait

304 __NR_utimensat

307 __NR_eventfd

309 __NR_fallocate

315 __NR_epoll_create1

316 __NR_dup3

317 __NR_pipe2

320 __NR_preadv

321 __NR_pwritev

322 __NR_rt_tgsigqueueinfo

325 __NR_prlimit64

326 __NR_socket

327 __NR_bind

328 __NR_connect

329 __NR_listen

330 __NR_accept

331 __NR_getsockname

332 __NR_getpeername

333 __NR_socketpair

334 __NR_send

335 __NR_sendto

336 __NR_recv

337 __NR_recvfrom

338 __NR_shutdown

339 __NR_setsockopt

340 __NR_getsockopt

341 __NR_sendmsg

342 __NR_recvmsg

343 __NR_recvmmsg

344 __NR_accept4

348 __NR_syncfs

349 __NR_sendmmsg

357 __NR_renameat2

362 __NR_execveat

365 __NR_membarrier

380 __NR_preadv2

381 __NR_pwritev2

383 __NR_statx

The getrandom syscall is not supported in CodeSafe 5 and will set ENOSYS. Use either the Cmd_GenerateRandom nCore command, or /dev/random or /dev/urandom within the CodeSafe 5 application in order to obtain HSM RNG instead.