
seccomp: Use explicit DefaultErrnoRet

Since commit "seccomp: Sync fields with runtime-spec fields"
(5d244675bdb23e8fce427036c03517243f344cd4) we support specifying the
DefaultErrnoRet to be used.

Before that commit it was not specified and EPERM was used by default.
This commit keeps the same behaviour but just makes it explicit that the
default is EPERM.

Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
Rodrigo Campos 4 年之前
父節點
當前提交
fb794166d9

+ 1 - 0
profiles/seccomp/default.json

@@ -1,5 +1,6 @@
 {
 	"defaultAction": "SCMP_ACT_ERRNO",
+	"defaultErrnoRet": 1,
 	"archMap": [
 		{
 			"architecture": "SCMP_ARCH_X86_64",

+ 3 - 1
profiles/seccomp/default_linux.go

@@ -739,9 +739,11 @@ func DefaultProfile() *Seccomp {
 		},
 	}
 
+	errnoRet := uint(unix.EPERM)
 	return &Seccomp{
 		LinuxSeccomp: specs.LinuxSeccomp{
-			DefaultAction: specs.ActErrno,
+			DefaultAction:   specs.ActErrno,
+			DefaultErrnoRet: &errnoRet,
 		},
 		ArchMap:  arches(),
 		Syscalls: syscalls,
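Review bot: `errnoRet` is introduced just above the `return &Seccomp{` in DefaultProfile without a comment, so the reason for pinning EPERM lives only in the commit message. A short comment such as `// Denied syscalls return EPERM, as before DefaultErrnoRet existed; keep in sync with default.json.` would record it next to the value. Since this errno is what every syscall not listed in the profile gets, it may also be worth noting there that EPERM, unlike ENOSYS, can keep userspace from falling back to an older syscall; changing that is outside what this commit sets out to do. DefaultProfile's body starts before the hunk and continues after it.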

+ 1 - 0
profiles/seccomp/fixtures/example.json

@@ -1,5 +1,6 @@
 {
     "defaultAction": "SCMP_ACT_ERRNO",
+    "defaultErrnoRet": 1,
     "syscalls": [
         {
             "name": "clone",

+ 3 - 1
profiles/seccomp/seccomp_test.go

@@ -23,8 +23,10 @@ func TestLoadProfile(t *testing.T) {
 		t.Fatal(err)
 	}
 	var expectedErrno uint = 12345
+	var expectedDefaultErrno uint = 1
 	expected := specs.LinuxSeccomp{
-		DefaultAction: specs.ActErrno,
+		DefaultAction:   specs.ActErrno,
+		DefaultErrnoRet: &expectedDefaultErrno,
 		Syscalls: []specs.LinuxSyscall{
 			{
 				Names:  []string{"clone"},
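Review bot: The new expectation in TestLoadProfile only covers a profile that sets `defaultErrnoRet` explicitly; nothing in this hunk checks a profile that omits the key, which is the situation custom profiles written before this field existed are in. If the loader is meant to keep denying with EPERM for those, a second fixture without the key and an assertion on the resulting `DefaultErrnoRet` would pin that behaviour. A comment on the literal, for example `// 1 == EPERM; must match defaultErrnoRet in fixtures/example.json`, would also make the coupling to the fixture visible. The test body starts before the hunk and continues after it.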