---
apiVersion: security-profiles-operator.x-k8s.io/v1beta1
kind: SeccompProfile
metadata:
  name: confine-nginx-explicit-deny
  namespace: seccomp-test
spec:
  defaultAction: SCMP_ACT_ALLOW
  architectures:
  - SCMP_ARCH_X86_64
  - SCMP_ARCH_X86
  - SCMP_ARCH_X32
  syscalls:
  - action: SCMP_ACT_ERRNO
    names:
    - msync
    - mincore
    - shmctl
    - pause
    - getitimer
    - getpeername
    - fork
    - semget
    - semop
    - semctl
    - msgget
    - msgsnd
    - msgrcv
    - msgctl
    - flock
    - truncate
    - symlink
    - lchown
    - ptrace
    - syslog
    - setreuid
    - setregid
    - getpgid
    - setfsuid
    - setfsgid
    - rt_sigpending
    - rt_sigqueueinfo
    - utime
    - mknod
    - personality
    - ustat
    - sysfs
    - getpriority
    - sched_rr_get_interval
    - munlock
    - mlockall
    - munlockall
    - vhangup
    - modify_ldt
    - pivot_root
    - adjtimex
    - sync
    - acct
    - settimeofday
    - swapon
    - swapoff
    - reboot
    - iopl
    - ioperm
    - init_module
    - delete_module
    - quotactl
    - readahead
    - tkill
    - set_thread_area
    - io_submit
    - io_cancel
    - get_thread_area
    - lookup_dcookie
    - remap_file_pages
    - restart_syscall
    - semtimedop
    - timer_create
    - timer_settime
    - timer_gettime
    - timer_getoverrun
    - timer_delete
    - mbind
    - set_mempolicy
    - get_mempolicy
    - mq_open
    - mq_unlink
    - mq_timedsend
    - mq_timedreceive
    - mq_notify
    - mq_getsetattr
    - kexec_load
    - add_key
    - ioprio_set
    - ioprio_get
    - inotify_init
    - migrate_pages
    - mkdirat
    - mknodat
    - fchownat
    - futimesat
    - renameat
    - linkat
    - symlinkat
    - fchmodat
    - pselect6
    - unshare
    - get_robust_list
    - tee
    - sync_file_range
    - vmsplice
    - move_pages
    - signalfd
    - eventfd
    - timerfd_gettime
    - dup3
    - preadv
    - rt_tgsigqueueinfo
    - perf_event_open
    - recvmmsg
    - fanotify_init
    - fanotify_mark
    - open_by_handle_at
    - clock_adjtime
    - syncfs
    - sendmmsg
    - getcpu
    - process_vm_readv
    - process_vm_writev
    - kcmp
    - finit_module
    - sched_setattr
    - sched_getattr
    - renameat2
    - seccomp
    - kexec_file_load
    - bpf
    - userfaultfd
    - membarrier
    - statx