seccomp: allow io-uring related system calls

thaJeztah · thaJeztah · commit 1f5b5c909eec · 2020-09-14T16:17:42.000+02:00
Adds the io-uring related system call introduced in kernel 5.1 to the seccomp whitelist. With older kernels or older versions of libseccomp, this configure will be omitted. Note that io_uring will grow support for more syscalls in the future so we should keep an eye on this. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 325bac7) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
@@ -175,6 +175,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"ioprio_set",
 				"io_setup",
 				"io_submit",
+				"io_uring_enter",
+				"io_uring_register",
+				"io_uring_setup",
 				"ipc",
 				"kill",
 				"lchown",
