From 2855e0416dc617bfeb11cba2d95ad83afa82d5c9 Mon Sep 17 00:00:00 2001
From: Arnaud Lefebvre
Date: Fri, 24 Sep 2021 11:20:01 +0200
Subject: [PATCH] seccomp: allow clone3 syscall for x86

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See https://github.com/elastic/apm-server/issues/6238 for more details
---
 CHANGELOG.next.asciidoc | 1 +
 libbeat/common/seccomp/policy_linux_386.go | 1 +
 libbeat/common/seccomp/policy_linux_amd64.go | 1 +
 3 files changed, 3 insertions(+)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 7c29181058f..321cab97368 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -211,6 +211,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 as gauges (rather than counters). {pull}22877[22877]
 - Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901]
 - Fix handling of float data types within processors. {issue}28279[28279] {pull}28280[28280]
+- Allow `clone3` syscall in seccomp filters. {pull}28117[28117]
 *Auditbeat*
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index 796b071a104..40b49113b73 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -35,6 +35,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "dup",
 "dup2",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index 4246e6a1a51..6096b37bb32 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -38,6 +38,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "connect",
 "dup",
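Review bot: The new `"clone3",` entry in policy_linux_386.go's init() list (and the identical one in policy_linux_amd64.go) has no comment saying why it is allowed. clone3 differs from the `clone` entry above it in a way a policy reader should know: its flags are passed in a struct behind a pointer, so a seccomp filter cannot inspect them. As far as the hunk shows, `clone` is already allowed by name with no argument conditions, so this probably does not widen the policy, but I would record the reasoning next to the entry, e.g. `// clone3: used by glibc >= 2.34 in pthread_create; its args sit behind a pointer and cannot be filtered`. If clone flags ever need restricting, the usual alternative is to have clone3 return ENOSYS so glibc falls back to `clone`. init() starts and ends outside the hunk.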
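Review bot: Nothing in this patch checks that the name `"clone3"` added to policy_linux_amd64.go resolves to a syscall number; the diffstat lists only the changelog and the two policy files, with no test or dependency change. If the seccomp library behind this list maps names through a generated syscall table (not visible here), a table that predates clone3 would presumably make the policy fail to load or drop the entry, so confirm the pinned version knows the name on both amd64 and 386. A small test that assembles the default policy for each architecture would catch this, and the same applies to the entry in policy_linux_386.go. init() starts and ends outside the hunk.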