Merge pull request #43553 from AkihiroSuda/riscv64

seccomp: support riscv64

2 files changed, 30 insertions, 0 deletions

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 73ad2d6418..37e6febf53 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -48,6 +48,10 @@
 			"subArchitectures": [
 				"SCMP_ARCH_S390"
 			]
+		},
+		{
+			"architecture": "SCMP_ARCH_RISCV64",
+			"subArchitectures": null
 		}
 	],
 	"syscalls": [
@@ -545,6 +549,17 @@
 		},
 		{
 			"names": [
+				"riscv_flush_icache"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"includes": {
+				"arches": [
+					"riscv64"
+				]
+			}
+		},
+		{
+			"names": [
 				"open_by_handle_at"
 			],
 			"action": "SCMP_ACT_ALLOW",
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
index fbd725758b..ca6dfd4661 100644
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@@ -35,6 +35,10 @@ func arches() []Architecture {
 			Arch:      specs.ArchS390X,
 			SubArches: []specs.Arch{specs.ArchS390},
 		},
+		{
+			Arch:      specs.ArchRISCV64,
+			SubArches: nil,
+		},
 	}
 }
 
@@ -536,6 +540,17 @@ func DefaultProfile() *Seccomp {
 		{
 			LinuxSyscall: specs.LinuxSyscall{
 				Names: []string{
+					"riscv_flush_icache",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"riscv64"},
+			},
+		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
 					"open_by_handle_at",
 				},
 				Action: specs.ActAllow,