Merge pull request #43199 from Xyene/allow-landlock

seccomp: add support for Landlock syscalls in default policy

profiles/seccomp/default.json

@@ -183,6 +183,9 @@
 				"io_uring_setup",
 				"ipc",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",

profiles/seccomp/default_linux.go

@@ -175,6 +175,9 @@ func DefaultProfile() *Seccomp {
 					"io_uring_setup",
 					"ipc",
 					"kill",
+					"landlock_add_rule",
+					"landlock_create_ruleset",
+					"landlock_restrict_self",
 					"lchown",
 					"lchown32",
 					"lgetxattr",