adding support of CAP_BPF and CAP_PERFMON

Signed-off-by: Henry Wang <henwang@amazon.com> (cherry picked from commit 4390751) Signed-off-by: Swagat Bora <sbora@amazon.com>
containerd · Oct 22, 2022 · 346412f · 346412f
1 parent 8b9c35a
commit 346412f
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
@@ -658,6 +658,18 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				Action: specs.ActAllow,
 				Args:   []specs.LinuxSeccompArg{},
 			})
+		case "CAP_BPF":
+			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+				Names:  []string{"bpf"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			})
+		case "CAP_PERFMON":
+			s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+				Names:  []string{"perf_event_open"},
+				Action: specs.ActAllow,
+				Args:   []specs.LinuxSeccompArg{},
+			})
 		}
 	}