Merge pull request #7693 from hoyosjs/juhoyosa/enable-ptrace-proc-vm-apis

Add process_vm read and write calls to default seccomp profile
2022-11-21 12:02:42 -08:00
parent 49251e4de6 e224f77eb7
commit 20cb9a9fd8
1 changed files with 5 additions and 1 deletions
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -489,7 +489,11 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 		kernelversion.KernelVersion{Kernel: 4, Major: 8}); err == nil {
 		if ok {
 			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
-				Names:  []string{"ptrace"},
+				Names: []string{
+					"process_vm_read",
+					"process_vm_write",
+					"ptrace",
+				},
 				Action: specs.ActAllow,
 				Args:   []specs.LinuxSeccompArg{},
 			})