seccomp: whitelist quotactl with CAP_SYS_ADMIN

pmoust · pmoust · commit cf6e1c5dfd07 · 2017-08-09T18:52:15.000+03:00
The quotactl syscall is being whitelisted in default seccomp profile,
gated by CAP_SYS_ADMIN.

Signed-off-by: Panagiotis Moustafellos &lt;pmoust@elastic.co&gt;
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
@@ -557,6 +557,7 @@
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
@@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
