Simple x64 Linux binary to enumerate syscalls.
Currently it statically links seccomp, so that this can be run on systems that lack seccomp libraries.
I plan to add more functionality to this tool:
- support for compiling with shared seccomp (reduces binary size greatly)
Example:
$ ./syscallenum | sort | uniq
000|read|allowed|Success|0
001|write|allowed|Success|0
002|open|allowed|Bad address|14
003|close|allowed|Success|0
004|stat|allowed|Bad address|14
005|fstat|allowed|Bad address|14
006|lstat|allowed|Bad address|14
007|poll|allowed|Success|0
008|lseek|allowed|Illegal seek|29
009|mmap|allowed|Invalid argument|22
[.......]
319|memfd_create|allowed|Function not implemented|38
320|kexec_file_load|allowed|Function not implemented|38
321|bpf|allowed|Function not implemented|38
322|execveat|allowed|Function not implemented|38
323|userfaultfd|allowed|Function not implemented|38
324|membarrier|allowed|Function not implemented|38
325|mlock2|allowed|Function not implemented|38
326|copy_file_range|allowed|Function not implemented|38
327|
328|
Note the currently non-existent syscalls of 327 and 328 return nothing, which indicates they are not valid.
To show only filtered syscalls:
./syscallenum -f
To show only allowed syscalls:
./syscallenum -a
When run without parameters syscallenum will return allowed, filtered, and non-existent syscall results