Merge pull request #7301 from henry118/bpfcap

Adding support of CAP_BPF and CAP_PERFMON
2022-08-18 18:36:38 +08:00 · 2022-08-18 18:36:38 +08:00 · 7c43483601
commit 7c43483601
parent f0e1a27cbd 43907515b4
1 changed files with 12 additions and 0 deletions
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@ -671,6 +671,18 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				Action: specs.ActAllow,
 				Args:   []specs.LinuxSeccompArg{},
 			})
+		case "CAP_BPF":
+			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+				Names:  []string{"bpf"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			})
+		case "CAP_PERFMON":
+			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+				Names:  []string{"perf_event_open"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			})
 		}
 	}