From 5cdb6e81d2c6889355a917890b3c441de15a762d Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 24 Aug 2020 12:40:43 +0200
Subject: [PATCH] seccomp: allow quotactl with CAP_SYS_ADMIN

This allows the quotactl syscall in the default seccomp profile, gated by
CAP_SYS_ADMIN.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 contrib/seccomp/seccomp_default.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
index 0dfdcd4c9..95a3a3118 100644
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -525,6 +525,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 					"mount",
 					"name_to_handle_at",
 					"perf_event_open",
+					"quotactl",
 					"setdomainname",
 					"sethostname",
 					"setns",