profile.json: update to e258d66f17

2022-07-26 15:57:12 +08:00 · 2022-07-26 15:57:12 +08:00 · edbfe03e77
parent 0f6302d8c2
commit edbfe03e77
1 changed files with 29 additions and 2 deletions
--- a/scripts/profile.json
+++ b/scripts/profile.json
@ -1,5 +1,5 @@
 {
-    "description": "This is a custom seccomp profile which allows the personality system call, based on https://github.com/moby/moby/blob/85eaf23bf46b12827273ab2ff523c753117dbdc7/profiles/seccomp/default.json.",
+    "description": "This is a custom seccomp profile which allows the personality system call, based on https://github.com/moby/moby/blob/e258d66f176a4447931edfd9398c55b3e8ee4a07/profiles/seccomp/default.json.",
    "defaultAction": "SCMP_ACT_ERRNO",
    "defaultErrnoRet": 1,
    "archMap": [
@ -49,6 +49,10 @@
            "subArchitectures": [
                "SCMP_ARCH_S390"
            ]
+        },
+        {
+            "architecture": "SCMP_ARCH_RISCV64",
+            "subArchitectures": null
        }
    ],
    "syscalls": [
@ -128,6 +132,7 @@
                "ftruncate64",
                "futex",
                "futex_time64",
+                "futex_waitv",
                "futimesat",
                "getcpu",
                "getcwd",
@ -184,6 +189,9 @@
                "io_uring_setup",
                "ipc",
                "kill",
+                "landlock_add_rule",
+                "landlock_create_ruleset",
+                "landlock_restrict_self",
                "lchown",
                "lchown32",
                "lgetxattr",
@ -201,6 +209,7 @@
                "madvise",
                "membarrier",
                "memfd_create",
+                "memfd_secret",
                "mincore",
                "mkdir",
                "mkdirat",
@ -241,6 +250,9 @@
                "pidfd_send_signal",
                "pipe",
                "pipe2",
+                "pkey_alloc",
+                "pkey_free",
+                "pkey_mprotect",
                "poll",
                "ppoll",
                "ppoll_time64",
@ -249,6 +261,7 @@
                "preadv",
                "preadv2",
                "prlimit64",
+                "process_mrelease",
                "pselect6",
                "pselect6_time64",
                "pwrite64",
@ -542,6 +555,17 @@
                ]
            }
        },
+        {
+            "names": [
+                "riscv_flush_icache"
+            ],
+            "action": "SCMP_ACT_ALLOW",
+            "includes": {
+                "arches": [
+                    "riscv64"
+                ]
+            }
+        },
        {
            "names": [
                "open_by_handle_at"
@ -565,11 +589,13 @@
                "fspick",
                "lookup_dcookie",
                "mount",
+                "mount_setattr",
                "move_mount",
                "name_to_handle_at",
                "open_tree",
                "perf_event_open",
                "quotactl",
+                "quotactl_fd",
                "setdomainname",
                "sethostname",
                "setns",
@ -722,7 +748,8 @@
            "names": [
                "settimeofday",
                "stime",
-                "clock_settime"
+                "clock_settime",
+                "clock_settime64"
            ],
            "action": "SCMP_ACT_ALLOW",
            "includes": {