From 325bac7c718389b31ed3d4d6036d0416b7a47372 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 24 Aug 2020 12:54:04 +0200
Subject: [PATCH] seccomp: allow io-uring related system calls

Adds the io-uring related system call introduced in kernel 5.1 to the
seccomp whitelist. With older kernels or older versions of libseccomp,
this configure will be omitted.

Note that io_uring will grow support for more syscalls in the future
so we should keep an eye on this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 contrib/seccomp/seccomp_default.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
index 2adb1c937..5ca86efc4 100644
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -174,6 +174,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"ioprio_set",
 				"io_setup",
 				"io_submit",
+				"io_uring_enter",
+				"io_uring_register",
+				"io_uring_setup",
 				"ipc",
 				"kill",
 				"lchown",