diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json index 80213ddaca..f929fd0fa5 100644 --- a/profiles/seccomp/default.json +++ b/profiles/seccomp/default.json @@ -48,6 +48,10 @@ "subArchitectures": [ "SCMP_ARCH_S390" ] + }, + { + "architecture": "SCMP_ARCH_RISCV64", + "subArchitectures": null } ], "syscalls": [ @@ -540,6 +544,17 @@ ] } }, + { + "names": [ + "riscv_flush_icache" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "riscv64" + ] + } + }, { "names": [ "open_by_handle_at" diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go index e51f1018aa..f314fd59cc 100644 --- a/profiles/seccomp/default_linux.go +++ b/profiles/seccomp/default_linux.go @@ -38,6 +38,10 @@ func arches() []Architecture { Arch: specs.ArchS390X, SubArches: []specs.Arch{specs.ArchS390}, }, + { + Arch: specs.ArchRISCV64, + SubArches: nil, + }, } } @@ -533,6 +537,17 @@ func DefaultProfile() *Seccomp { Arches: []string{"s390", "s390x"}, }, }, + { + LinuxSyscall: specs.LinuxSyscall{ + Names: []string{ + "riscv_flush_icache", + }, + Action: specs.ActAllow, + }, + Includes: &Filter{ + Arches: []string{"riscv64"}, + }, + }, { LinuxSyscall: specs.LinuxSyscall{ Names: []string{