seccomp: add name_to_handle_at to allowlist

Based on the analysis on [the previous PR][1]. [1]: https://github.com/moby/moby/pull/45766#pullrequestreview-1493908145 Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com> (cherry picked from commit b335e3d305) Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-06-28 05:43:22 -06:00 · 2023-06-28 05:43:22 -06:00 · b173b9e739
commit b173b9e739
parent 7f2729ff2c
2 changed files with 2 additions and 0 deletions
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -237,6 +237,7 @@
 				"munlock",
 				"munlockall",
 				"munmap",
+				"name_to_handle_at",
 				"nanosleep",
 				"newfstatat",
 				"_newselect",
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@ -229,6 +229,7 @@ func DefaultProfile() *Seccomp {
 					"munlock",
 					"munlockall",
 					"munmap",
+					"name_to_handle_at",
 					"nanosleep",
 					"newfstatat",
 					"_newselect",