diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 3ae143c8b1..4213799ddb 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -74,6 +74,7 @@
 "clock_nanosleep",
 "clock_nanosleep_time64",
 "close",
+ "close_range",
 "connect",
 "copy_file_range",
 "creat",
@@ -85,6 +86,7 @@
 "epoll_ctl",
 "epoll_ctl_old",
 "epoll_pwait",
+ "epoll_pwait2",
 "epoll_wait",
 "epoll_wait_old",
 "eventfd",
@@ -590,9 +592,15 @@
 "bpf",
 "clone",
 "fanotify_init",
+ "fsconfig",
+ "fsmount",
+ "fsopen",
+ "fspick",
 "lookup_dcookie",
 "mount",
+ "move_mount",
 "name_to_handle_at",
+ "open_tree",
 "perf_event_open",
 "quotactl",
 "setdomainname",
@@ -724,6 +732,7 @@
 "names": [
 "kcmp",
 "pidfd_getfd",
+ "process_madvise",
 "process_vm_readv",
 "process_vm_writev",
 "ptrace"
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
index 232a4149cd..879eb88c64 100644
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@@ -67,6 +67,7 @@ func DefaultProfile() *Seccomp {
 "clock_nanosleep",
 "clock_nanosleep_time64",
 "close",
+ "close_range",
 "connect",
 "copy_file_range",
 "creat",
@@ -78,6 +79,7 @@ func DefaultProfile() *Seccomp {
 "epoll_ctl",
 "epoll_ctl_old",
 "epoll_pwait",
+ "epoll_pwait2",
 "epoll_wait",
 "epoll_wait_old",
 "eventfd",
@@ -521,9 +523,15 @@ func DefaultProfile() *Seccomp {
 "bpf",
 "clone",
 "fanotify_init",
+ "fsconfig",
+ "fsmount",
+ "fsopen",
+ "fspick",
 "lookup_dcookie",
 "mount",
+ "move_mount",
 "name_to_handle_at",
+ "open_tree",
 "perf_event_open",
 "quotactl",
 "setdomainname",
@@ -625,6 +633,7 @@ func DefaultProfile() *Seccomp {
 Names: []string{
 "kcmp",
 "pidfd_getfd",
+ "process_madvise",
 "process_vm_readv",
 "process_vm_writev",
 "ptrace",
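Review bot: The six new mount API names (`fsconfig`, `fsmount`, `fsopen`, `fspick`, `move_mount`, `open_tree`) in the `@@ -521,9 +523,15 @@` hunk of default_linux.go are added beside `mount` with no comment, and the condition that guards this list is outside the hunk, so the change alone does not show that they stay capability-gated. They let a process create and attach mounts just as `mount` does, so they should only ever sit in a rule with the same condition as `mount` (presumably a CAP_SYS_ADMIN include, not visible here). I would add a comment above `"fsconfig"`, for example `// fsconfig, fsmount, fsopen, fspick, move_mount and open_tree are the new mount API (Linux 5.2); they need the same privilege as mount(2).` The matching `@@ -590,9 +592,15 @@` hunk in default.json mirrors this list and cannot carry a comment. DefaultProfile's body begins and ends outside the hunk.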
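Review bot: `process_madvise` in the `@@ -625,6 +633,7 @@` hunk of default_linux.go is added without a comment, and unlike `process_vm_readv` and `ptrace` beside it, its name does not show why it belongs in this list. It takes a pidfd and applies memory advice to another process's address space, so grouping it with the cross-process calls is reasonable; the condition attached to this `Names` list is outside the hunk, presumably a CAP_SYS_PTRACE include. I would record the reason on the entry, e.g. `"process_madvise", // acts on another process's address space via a pidfd`. The same addition is mirrored in the `@@ -724,6 +732,7 @@` hunk of default.json.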