From 1026f873a47c88bc0dd617402ae3c1247a4117a2 Mon Sep 17 00:00:00 2001
From: Julio Guerra <julio@sqreen.com>
Date: Mon, 23 Mar 2020 15:51:08 +0100
Subject: [PATCH] seccomp: allow syscall membarrier

Add the membarrier syscall to the default seccomp profile.
It is for example used in the implementation of dlopen() in
the musl libc of Alpine images.

Signed-off-by: Julio Guerra <julio@sqreen.com>
---
 profiles/seccomp/default.json       | 1 +
 profiles/seccomp/seccomp_default.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 71ac412dfb..08556598a0 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -187,6 +187,7 @@
 				"lstat",
 				"lstat64",
 				"madvise",
+				"membarrier",
 				"memfd_create",
 				"mincore",
 				"mkdir",
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
index 16148b4080..cf3dec2b34 100644
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@@ -180,6 +180,7 @@ func DefaultProfile() *types.Seccomp {
 				"lstat",
 				"lstat64",
 				"madvise",
+				"membarrier",
 				"memfd_create",
 				"mincore",
 				"mkdir",