From 31410a6d79fc4ea6fa496636015bf9f53c1c8b14 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Sat, 5 Mar 2016 22:10:12 +0000
Subject: [PATCH] Add ipc syscall to default seccomp profile
On 32 bit x86 this is a multiplexing syscall for the system V ipc syscalls such as shmget, and so needs to be allowed for shared memory access for 32 bit binaries.
Fixes #20733
Signed-off-by: Justin Cormack
---
 profiles/seccomp/default.json | 5 +++++
 profiles/seccomp/seccomp_default.go | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 1addba4e46..91f04d6ec4 100755
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -593,6 +593,11 @@
 "action": "SCMP_ACT_ALLOW",
 "args": []
 },
+ {
+ "name": "ipc",
+ "action": "SCMP_ACT_ALLOW",
+ "args": []
+ },
 {
 "name": "kill",
 "action": "SCMP_ACT_ALLOW",
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
index 9fa50979b0..181e9f5002 100644
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@@ -625,6 +625,11 @@ var DefaultProfile = &types.Seccomp{
 Action: types.ActAllow,
 Args: []*types.Arg{},
 },
+ {
+ Name: "ipc",
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ },
 {
 Name: "kill",
 Action: types.ActAllow,
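Review bot: The new `ipc` entry has empty `args`, so it admits every call number multiplexed through ipc(2), meaning the semaphore and message-queue operations as well as the shared-memory ones the commit message cites. That is consistent only if the profile already allows the direct sem*/msg*/shm* syscalls, which this hunk does not show, so it is worth confirming before merge. The same entry is added to `DefaultProfile` in seccomp_default.go (second hunk), and since JSON cannot carry a comment the rationale should be recorded there, e.g. `// ipc multiplexes the System V IPC calls on 32-bit x86; allowed unfiltered, so sem*, msg* and shm* subcalls all pass.` Both the JSON array and the Go literal start and end outside their hunks.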