From c2bc614038532cfbd1db9bfe8ff3949b1867a5c5 Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Fri, 2 Aug 2024 16:26:00 +0800
Subject: [PATCH] docker:add clone3 seccomp whitelist for arm64
---
 components/engine/profiles/seccomp/seccomp_default.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
index 2c670623..a90e441c 100644
--- a/components/engine/profiles/seccomp/seccomp_default.go
+++ b/components/engine/profiles/seccomp/seccomp_default.go
@@ -482,7 +482,6 @@ func DefaultProfile() *types.Seccomp {
 {
 Names: []string{
 "modify_ldt",
- "clone3",
 },
 Action: types.ActAllow,
 Args: []*types.Arg{},
@@ -490,6 +489,16 @@ func DefaultProfile() *types.Seccomp {
 Arches: []string{"amd64", "x32", "x86"},
 },
 },
+ {
+ Names: []string{
+ "clone3",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"arm64", "amd64", "x32", "x86"},
+ },
+ },
 {
 Names: []string{
 "s390_pci_mmio_read",
-- 2.33.0
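Review bot: The new `clone3` rule in the second hunk allows the call with `Args: []*types.Arg{}` and only an `Arches` condition, so on all four listed architectures it is permitted whatever capabilities the container holds. clone3 passes its flags through a pointer to a struct, which a seccomp filter cannot inspect, so any flag mask this profile applies to `clone` (not visible in this hunk; presumably the usual namespace-flag restriction for containers without CAP_SYS_ADMIN) would not cover clone3, and that is worth confirming before widening the rule to arm64. A tighter form would gate the allow on the capability, e.g. `Includes: types.Filter{Caps: []string{"CAP_SYS_ADMIN"}, Arches: []string{"arm64", "amd64", "x32", "x86"}},`, and have the unprivileged case fail with ENOSYS so libc falls back to `clone`, provided this tree's profile types can express a custom errno. At minimum the rule deserves a comment such as `// clone3 flags cannot be filtered by seccomp; allowed unconditionally, see <rationale>`. DefaultProfile's body starts and ends outside the hunk.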