From cf6e1c5dfd07f5048606bb7b21464c658e252322 Mon Sep 17 00:00:00 2001
From: Panagiotis Moustafellos <pmoust@elastic.co>
Date: Tue, 8 Aug 2017 20:01:53 +0300
Subject: [PATCH] seccomp: whitelist quotactl with CAP_SYS_ADMIN

The quotactl syscall is being whitelisted in default seccomp profile,
gated by CAP_SYS_ADMIN.

Signed-off-by: Panagiotis Moustafellos <pmoust@elastic.co>
---
 profiles/seccomp/default.json       | 1 +
 profiles/seccomp/seccomp_default.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index b71a8718a4..26ef2b604d 100755
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -557,6 +557,7 @@
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
index 1e6ea90e34..83a437521e 100644
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",