System calls allowed by CodeSafe 5 SEE machines

SEE machines are restricted to a subset of Linux system calls they can execute.

Attempting to execute any other system call will return -1 and set errno to ENOSYS.

Allowed system calls

1 __NR_exit

2 __NR_fork

3 __NR_read

4 __NR_write

5 __NR_open

6 __NR_close

7 __NR_waitpid

8 __NR_creat

9 __NR_link

10 __NR_unlink

11 __NR_execve

12 __NR_chdir

13 __NR_time

15 __NR_chmod

16 __NR_lchown

19 __NR_lseek

20 __NR_getpid

24 __NR_getuid

27 __NR_alarm

29 __NR_pause

30 __NR_utime

33 __NR_access

34 __NR_nice

36 __NR_sync

37 __NR_kill

38 __NR_rename

39 __NR_mkdir

40 __NR_rmdir

41 __NR_dup

42 __NR_pipe

43 __NR_times

45 __NR_brk

47 __NR_getgid

49 __NR_geteuid

50 __NR_getegid

54 __NR_ioctl

55 __NR_fcntl

57 __NR_setpgid

60 __NR_umask

63 __NR_dup2

64 __NR_getppid

65 __NR_getpgrp

66 __NR_setsid

75 __NR_setrlimit

77 __NR_getrusage

78 __NR_gettimeofday

80 __NR_getgroups

83 __NR_symlink

85 __NR_readlink

88 __NR_reboot

90 __NR_mmap

91 __NR_munmap

92 __NR_truncate

93 __NR_ftruncate

94 __NR_fchmod

95 __NR_fchown

96 __NR_getpriority

97 __NR_setpriority

99 __NR_statfs

100 __NR_fstatfs

102 __NR_socketcall

104 __NR_setitimer

105 __NR_getitimer

106 __NR_stat

107 __NR_lstat

108 __NR_fstat

114 __NR_wait4

117 __NR_ipc

118 __NR_fsync

120 __NR_clone

122 __NR_uname

125 __NR_mprotect

132 __NR_getpgid

133 __NR_fchdir

140 __NR__llseek

141 __NR_getdents

142 __NR__newselect

143 __NR_flock

144 __NR_msync

145 __NR_readv

146 __NR_writev

147 __NR_getsid

148 __NR_fdatasync

158 __NR_sched_yield

162 __NR_nanosleep

163 __NR_mremap

167 __NR_poll

172 __NR_rt_sigreturn

173 __NR_rt_sigaction

174 __NR_rt_sigprocmask

175 __NR_rt_sigpending

176 __NR_rt_sigtimedwait

177 __NR_rt_sigqueueinfo

178 __NR_rt_sigsuspend

179 __NR_pread64

180 __NR_pwrite64

181 __NR_chown

182 __NR_getcwd

185 __NR_sigaltstack

186 __NR_sendfile

190 __NR_ugetrlimit

202 __NR_getdents64

205 __NR_madvise

207 __NR_gettid

208 __NR_tkill

221 __NR_futex

232 __NR_set_tid_address

234 __NR_exit_group

236 __NR_epoll_create

237 __NR_epoll_ctl

238 __NR_epoll_wait

246 __NR_clock_gettime

247 __NR_clock_getres

248 __NR_clock_nanosleep

250 __NR_tgkill

251 __NR_utimes

252 __NR_statfs64

253 __NR_fstatfs64

272 __NR_waitid

280 __NR_pselect6

281 __NR_ppoll

286 __NR_openat

287 __NR_mkdirat

289 __NR_fchownat

291 __NR_newfstatat

292 __NR_unlinkat

293 __NR_renameat

294 __NR_linkat

295 __NR_symlinkat

296 __NR_readlinkat

297 __NR_fchmodat

298 __NR_faccessat

303 __NR_epoll_pwait

304 __NR_utimensat

307 __NR_eventfd

309 __NR_fallocate

315 __NR_epoll_create1

316 __NR_dup3

317 __NR_pipe2

320 __NR_preadv

321 __NR_pwritev

322 __NR_rt_tgsigqueueinfo

325 __NR_prlimit64

326 __NR_socket

327 __NR_bind

328 __NR_connect

329 __NR_listen

330 __NR_accept

331 __NR_getsockname

332 __NR_getpeername

333 __NR_socketpair

334 __NR_send

335 __NR_sendto

336 __NR_recv

337 __NR_recvfrom

338 __NR_shutdown

339 __NR_setsockopt

340 __NR_getsockopt

341 __NR_sendmsg

342 __NR_recvmsg

343 __NR_recvmmsg

344 __NR_accept4

348 __NR_syncfs

349 __NR_sendmmsg

357 __NR_renameat2

362 __NR_execveat

365 __NR_membarrier

380 __NR_preadv2

381 __NR_pwritev2

383 __NR_statx

The getrandom syscall is not supported in CodeSafe 5 and will set ENOSYS. Use either the Cmd_GenerateRandom nCore command, or /dev/random or /dev/urandom within the CodeSafe 5 application in order to obtain HSM RNG instead.