docker/patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch

From c2bc614038532cfbd1db9bfe8ff3949b1867a5c5 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Fri, 2 Aug 2024 16:26:00 +0800
Subject: [PATCH] docker:add clone3 seccomp whitelist for arm64

---
 components/engine/profiles/seccomp/seccomp_default.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
index 2c670623..a90e441c 100644
--- a/components/engine/profiles/seccomp/seccomp_default.go
+++ b/components/engine/profiles/seccomp/seccomp_default.go
@@ -482,7 +482,6 @@ func DefaultProfile() *types.Seccomp {
 		{
 			Names: []string{
 				"modify_ldt",
-				"clone3",
 			},
 			Action: types.ActAllow,
 			Args:   []*types.Arg{},
@@ -490,6 +489,16 @@ func DefaultProfile() *types.Seccomp {
 				Arches: []string{"amd64", "x32", "x86"},
 			},
 		},
+		{
+                        Names: []string{
+				"clone3",
+                        },
+                        Action: types.ActAllow,
+                        Args:   []*types.Arg{},
+                        Includes: types.Filter{
+                                Arches: []string{"arm64", "amd64", "x32", "x86"},
+                        },
+                },
 		{
 			Names: []string{
 				"s390_pci_mmio_read",
-- 
2.33.0
docker:add clone3 seccomp whitelist for arm64 (cherry picked from commit 36446e9c94c779506c0d37b582a8b4330afeaaa1) 2024-08-02 16:33:24 +08:00			`From c2bc614038532cfbd1db9bfe8ff3949b1867a5c5 Mon Sep 17 00:00:00 2001`
			`From: zhongjiawei <zhongjiawei1@huawei.com>`
			`Date: Fri, 2 Aug 2024 16:26:00 +0800`
			`Subject: [PATCH] docker:add clone3 seccomp whitelist for arm64`

			`---`
			`components/engine/profiles/seccomp/seccomp_default.go \| 11 ++++++++++-`
			`1 file changed, 10 insertions(+), 1 deletion(-)`

			`diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go`
			`index 2c670623..a90e441c 100644`
			`--- a/components/engine/profiles/seccomp/seccomp_default.go`
			`+++ b/components/engine/profiles/seccomp/seccomp_default.go`
			`@@ -482,7 +482,6 @@ func DefaultProfile() *types.Seccomp {`
			`{`
			`Names: []string{`
			`"modify_ldt",`
			`- "clone3",`
			`},`
			`Action: types.ActAllow,`
			`Args: []*types.Arg{},`
			`@@ -490,6 +489,16 @@ func DefaultProfile() *types.Seccomp {`
			`Arches: []string{"amd64", "x32", "x86"},`
			`},`
			`},`
			`+ {`
			`+ Names: []string{`
			`+ "clone3",`
			`+ },`
			`+ Action: types.ActAllow,`
			`+ Args: []*types.Arg{},`
			`+ Includes: types.Filter{`
			`+ Arches: []string{"arm64", "amd64", "x32", "x86"},`
			`+ },`
			`+ },`
			`{`
			`Names: []string{`
			`"s390_pci_mmio_read",`
			`--`
			`2.33.0`