seccomp: kernel 5.12 (mount_setattr)

Allow `mount_setattr` when `CAP_SYS_ADMIN` is granted. See https://man7.org/linux/man-pages/man2/mount_setattr.2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-01-31 15:28:11 +09:00 · 2022-01-31 15:28:11 +09:00 · 1329ea3716
commit 1329ea3716
parent 52b8ca5545
1 changed files with 1 additions and 0 deletions
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@ -537,6 +537,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 					"fspick",
 					"lookup_dcookie",
 					"mount",
 					"mount_setattr",
 					"move_mount",
 					"name_to_handle_at",
 					"open_tree",