Merge pull request #4957 from thaJeztah/update_seccomp_profile

profiles: seccomp: update to Linux 5.11 syscall list
2021-01-22 18:22:23 +09:00
parent 809635b602 e1445dff12
commit 0bbbc59b97
1 changed files with 9 additions and 0 deletions
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -74,6 +74,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"clock_nanosleep",
 				"clock_nanosleep_time64",
 				"close",
+				"close_range",
 				"connect",
 				"copy_file_range",
 				"creat",
@@ -85,6 +86,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"epoll_ctl",
 				"epoll_ctl_old",
 				"epoll_pwait",
+				"epoll_pwait2",
 				"epoll_wait",
 				"epoll_wait_old",
 				"eventfd",
@@ -525,9 +527,15 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 					"bpf",
 					"clone",
 					"fanotify_init",
+					"fsconfig",
+					"fsmount",
+					"fsopen",
+					"fspick",
 					"lookup_dcookie",
 					"mount",
+					"move_mount",
 					"name_to_handle_at",
+					"open_tree",
 					"perf_event_open",
 					"quotactl",
 					"setdomainname",
@@ -574,6 +582,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				Names: []string{
 					"kcmp",
 					"pidfd_getfd",
+					"process_madvise",
 					"process_vm_readv",
 					"process_vm_writev",
 					"ptrace",