Merge pull request #43991 from thaJeztah/20.10_seccomp_updates

[20.10 backport] seccomp updates
moby · Aug 18, 2022 · 62fd718 · 62fd718
2 parents 7d4cc78 + d127287
commit 62fd718
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
@@ -126,6 +126,7 @@
 				"ftruncate64",
 				"futex",
 				"futex_time64",
+				"futex_waitv",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@@ -182,6 +183,9 @@
 				"io_uring_setup",
 				"ipc",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
@@ -199,6 +203,7 @@
 				"madvise",
 				"membarrier",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",
@@ -246,6 +251,7 @@
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
@@ -599,11 +605,13 @@
 				"fspick",
 				"lookup_dcookie",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"name_to_handle_at",
 				"open_tree",
 				"perf_event_open",
 				"quotactl",
+				"quotactl_fd",
 				"setdomainname",
 				"sethostname",
 				"setns",

diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
@@ -121,6 +121,7 @@ func DefaultProfile() *Seccomp {
 				"ftruncate64",
 				"futex",
 				"futex_time64",
+				"futex_waitv",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@@ -177,6 +178,9 @@ func DefaultProfile() *Seccomp {
 				"io_uring_setup",
 				"ipc",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
@@ -194,6 +198,7 @@ func DefaultProfile() *Seccomp {
 				"madvise",
 				"membarrier",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",
@@ -241,6 +246,7 @@ func DefaultProfile() *Seccomp {
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
@@ -532,11 +538,13 @@ func DefaultProfile() *Seccomp {
 				"fspick",
 				"lookup_dcookie",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"name_to_handle_at",
 				"open_tree",
 				"perf_event_open",
 				"quotactl",
+				"quotactl_fd",
 				"setdomainname",
 				"sethostname",
 				"setns",