seccomp: support riscv64

Corresponds to containerd PR 6882 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-05-02 17:08:56 +09:00 · 2022-05-02 17:08:56 +09:00 · 4c2f18f6cc
commit 4c2f18f6cc
parent 2ed904cad7
2 changed files with 30 additions and 0 deletions
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -48,6 +48,10 @@
 			"subArchitectures": [
 				"SCMP_ARCH_S390"
 			]
+		},
+		{
+			"architecture": "SCMP_ARCH_RISCV64",
+			"subArchitectures": null
 		}
 	],
 	"syscalls": [
@ -540,6 +544,17 @@
 				]
 			}
 		},
+		{
+			"names": [
+				"riscv_flush_icache"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"includes": {
+				"arches": [
+					"riscv64"
+				]
+			}
+		},
 		{
 			"names": [
 				"open_by_handle_at"
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@ -38,6 +38,10 @@ func arches() []Architecture {
 			Arch:      specs.ArchS390X,
 			SubArches: []specs.Arch{specs.ArchS390},
 		},
+		{
+			Arch:      specs.ArchRISCV64,
+			SubArches: nil,
+		},
 	}
 }

@ -533,6 +537,17 @@ func DefaultProfile() *Seccomp {
 				Arches: []string{"s390", "s390x"},
 			},
 		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"riscv_flush_icache",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"riscv64"},
+			},
+		},
 		{
 			LinuxSyscall: specs.LinuxSyscall{
 				Names: []string{