From 4506eb45bf4015ba00202008e207b0313539f0dc Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@scylladb.com>
Date: Tue, 19 Mar 2019 11:55:20 +0200
Subject: [PATCH] seccomp: whitelist io_pgetevents

io_pgetevents() is a new Linux system call, similar to the already-whitelisted
io_getevents(). It has no security implications. Whitelist it so applications can
use the new system call.

Fixes #3105.

Signed-off-by: Avi Kivity <avi@scylladb.com>
---
 contrib/seccomp/seccomp_default.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
index 11b446a6e..da0e43295 100644
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -161,6 +161,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"ioctl",
 				"io_destroy",
 				"io_getevents",
+				"io_pgetevents",
 				"ioprio_get",
 				"ioprio_set",
 				"io_setup",