Merge pull request #41889 from cyphar/seccomp-update

profiles: seccomp: update to Linux 5.11 syscall list

profiles/seccomp/default.json

@@ -74,6 +74,7 @@
 				"clock_nanosleep",
 				"clock_nanosleep_time64",
 				"close",
+				"close_range",
 				"connect",
 				"copy_file_range",
 				"creat",
@@ -85,6 +86,7 @@
 				"epoll_ctl",
 				"epoll_ctl_old",
 				"epoll_pwait",
+				"epoll_pwait2",
 				"epoll_wait",
 				"epoll_wait_old",
 				"eventfd",
@@ -590,9 +592,15 @@
 				"bpf",
 				"clone",
 				"fanotify_init",
+				"fsconfig",
+				"fsmount",
+				"fsopen",
+				"fspick",
 				"lookup_dcookie",
 				"mount",
+				"move_mount",
 				"name_to_handle_at",
+				"open_tree",
 				"perf_event_open",
 				"quotactl",
 				"setdomainname",
@@ -724,6 +732,7 @@
 			"names": [
 				"kcmp",
 				"pidfd_getfd",
+				"process_madvise",
 				"process_vm_readv",
 				"process_vm_writev",
 				"ptrace"

profiles/seccomp/default_linux.go

@@ -67,6 +67,7 @@ func DefaultProfile() *Seccomp {
 				"clock_nanosleep",
 				"clock_nanosleep_time64",
 				"close",
+				"close_range",
 				"connect",
 				"copy_file_range",
 				"creat",
@@ -78,6 +79,7 @@ func DefaultProfile() *Seccomp {
 				"epoll_ctl",
 				"epoll_ctl_old",
 				"epoll_pwait",
+				"epoll_pwait2",
 				"epoll_wait",
 				"epoll_wait_old",
 				"eventfd",
@@ -521,9 +523,15 @@ func DefaultProfile() *Seccomp {
 				"bpf",
 				"clone",
 				"fanotify_init",
+				"fsconfig",
+				"fsmount",
+				"fsopen",
+				"fspick",
 				"lookup_dcookie",
 				"mount",
+				"move_mount",
 				"name_to_handle_at",
+				"open_tree",
 				"perf_event_open",
 				"quotactl",
 				"setdomainname",
@@ -625,6 +633,7 @@ func DefaultProfile() *Seccomp {
 			Names: []string{
 				"kcmp",
 				"pidfd_getfd",
+				"process_madvise",
 				"process_vm_readv",
 				"process_vm_writev",
 				"ptrace",