From 9e4d711866836805f854df1fc5ee1a2b44668d86 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 25 Aug 2021 18:03:35 +0200
Subject: [PATCH] seccomp: allow memfd_secret

memfd_secret is a new syscall that will be added to Linux 5.14

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/seccomp/default_linux.go | 1 +
 pkg/seccomp/seccomp.json     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/pkg/seccomp/default_linux.go b/pkg/seccomp/default_linux.go
index 725e0bfc7..cf333744c 100644
--- a/pkg/seccomp/default_linux.go
+++ b/pkg/seccomp/default_linux.go
@@ -236,6 +236,7 @@ func DefaultProfile() *Seccomp {
 				"madvise",
 				"mbind",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",
diff --git a/pkg/seccomp/seccomp.json b/pkg/seccomp/seccomp.json
index eeb41d5d8..c009134e3 100644
--- a/pkg/seccomp/seccomp.json
+++ b/pkg/seccomp/seccomp.json
@@ -242,6 +242,7 @@
 				"madvise",
 				"mbind",
 				"memfd_create",
+				"memfd_secret",
 				"mincore",
 				"mkdir",
 				"mkdirat",