From 1329ea3716c661fc655111bdff56e2d93a469cd5 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Mon, 31 Jan 2022 15:28:11 +0900
Subject: [PATCH] seccomp: kernel 5.12 (mount_setattr)

Allow `mount_setattr` when `CAP_SYS_ADMIN` is granted.

See https://man7.org/linux/man-pages/man2/mount_setattr.2.html

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 contrib/seccomp/seccomp_default.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
index 6515d38b6..7f7cc47eb 100644
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -537,6 +537,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 					"fspick",
 					"lookup_dcookie",
 					"mount",
+					"mount_setattr",
 					"move_mount",
 					"name_to_handle_at",
 					"open_tree",