Merge pull request #43199 from Xyene/allow-landlock

seccomp: add support for Landlock syscalls in default policy
2022-05-13 10:18:45 +02:00 · 2022-05-13 10:18:45 +02:00 · e9712464ad
commit e9712464ad
parent a75620086f af819bf623
2 changed files with 6 additions and 0 deletions
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -183,6 +183,9 @@
 				"io_uring_setup",
 				"ipc",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@ -175,6 +175,9 @@ func DefaultProfile() *Seccomp {
 					"io_uring_setup",
 					"ipc",
 					"kill",
+					"landlock_add_rule",
+					"landlock_create_ruleset",
+					"landlock_restrict_self",
 					"lchown",
 					"lchown32",
 					"lgetxattr",