I also wrote a little Python tool that iterates through syscall tracepoint declarations in debugfs (/sys/kernel/debug) and lists available syscalls and their arguments available in your currently running system:
> desbma/shh generates SyscallFilter and other systemd unit rules from straces similar to how audit2allow generates SELinux policies by grepping for AVC denials in permissive mode
tanelpoder|1 month ago
https://tanelpoder.com/posts/list-linux-system-call-argument...
Debugfs does not show platform-specific syscall internal numbers though (but the stable syscall IDs).
Apparently debugfs does not show all syscalls, excluding "some weird ones" as mentioned by mebeim/systrack author in an earlier HN discussion:
https://news.ycombinator.com/item?id=41018135#41020166
westurner|1 month ago
/? tool to dump a list of all syscalls in a binary on Linux, like nm objdump, transitively searches dynamically linked https://www.google.com/search?q=tool+to+dump+a+list+of+all+s... :
- list-syscalls.rb "A script to statically list syscalls used by a given binary" https://gist.github.com/koute/166f82bfee5e27324077891008fca6...
- "B-Side: Binary-Level Static System Call Identification" (2024) x86-64 https://arxiv.org/abs/2410.18053v1
- Systemd has SyscallFilter=
From https://news.ycombinator.com/item?id=44947469 :
> desbma/shh generates SyscallFilter and other systemd unit rules from straces similar to how audit2allow generates SELinux policies by grepping for AVC denials in permissive mode
desbma/shh: https://github.com/desbma/shh
rwmj|1 month ago
phkahler|1 month ago
https://cosmo.zip/