From eceeae4d7c0a6cbac5b88d579ef2997495e63204 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Sat, 5 Mar 2016 22:10:12 +0000
Subject: [PATCH] Add ipc syscall to default seccomp profile

On 32 bit x86 this is a multiplexing syscall for the system V
ipc syscalls such as shmget, and so needs to be allowed for
shared memory access for 32 bit binaries.

Fixes #20733

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 31410a6d79fc4ea6fa496636015bf9f53c1c8b14)
---
 daemon/execdriver/native/seccomp_default.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/daemon/execdriver/native/seccomp_default.go b/daemon/execdriver/native/seccomp_default.go
index a3b4028359..572e3b0280 100644
--- a/daemon/execdriver/native/seccomp_default.go
+++ b/daemon/execdriver/native/seccomp_default.go
@@ -624,6 +624,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "ipc",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "kill",
 			Action: configs.Allow,