From 208b0e868fa45d6ababed786d5745feaf93a45c2 Mon Sep 17 00:00:00 2001
From: Joris Vink
Date: Thu, 6 Apr 2023 09:33:48 +0200
Subject: [PATCH] add more syscalls to seccomp whitelists.

---
 src/acme.c | 6 ++++++
 src/curl.c | 6 ++++++
 src/tasks.c | 6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/src/acme.c b/src/acme.c
index 3d508ec..08c2cb5 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -112,6 +112,12 @@ static struct sock_filter filter_acme[] = {
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(membarrier),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif
diff --git a/src/curl.c b/src/curl.c
index d29be20..f8f8936 100644
--- a/src/curl.c
+++ b/src/curl.c
@@ -40,6 +40,12 @@ static struct sock_filter filter_curl[] = {
 /* Threading related. */
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 /* Other */
 KORE_SYSCALL_ALLOW(uname),
diff --git a/src/tasks.c b/src/tasks.c
index 1227d1e..8e1dd3a 100644
--- a/src/tasks.c
+++ b/src/tasks.c
@@ -33,6 +33,12 @@ static struct sock_filter filter_task[] = {
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(socketpair),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif
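Review bot: The new `KORE_SYSCALL_ALLOW(clone3),` entry in `filter_acme[]` can never be narrowed by argument, because clone3 passes its flags inside a struct behind a pointer and a seccomp BPF program only sees the pointer value; the same entry is added to `filter_curl[]` and `filter_task[]`. Since `clone` is already allowed without argument checks in the visible context, this does not widen the filter today, but any later attempt to restrict `clone` to thread-creation flags would be bypassed through clone3. If only glibc's pthread_create needs to work, consider `KORE_SYSCALL_DENY(clone3, ENOSYS),` instead, which makes glibc fall back to `clone`. The `#if defined(SYS_clone3)` and `#if defined(SYS_rseq)` guards are evaluated at build time, so a binary built against headers lacking these numbers would presumably still trip the filter on a newer runtime libc; a short comment such as `/* glibc uses clone3 for thread creation and registers rseq at thread start. */` above each pair would record why they are listed. All three arrays begin outside their hunks, so the rest of each whitelist is not visible here.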