Skip to content

Commit

Permalink
seccomp: allow clone3 syscall for x86 (#28117)
Browse files Browse the repository at this point in the history
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)
  • Loading branch information
BlackYoup authored and mergify-bot committed Oct 11, 2021
1 parent a3d9bd1 commit 2f913f7
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Preserve annotations in a kubernetes namespace metadata {pull}27045[27045]
- Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]
- Fix build constraint that caused issues with doc builds. {pull}27381[27381]
- Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901]
- Fix handling of float data types within processors. {issue}28279[28279] {pull}28280[28280]
- Allow `clone3` syscall in seccomp filters. {pull}28117[28117]

*Auditbeat*

Expand Down
1 change: 1 addition & 0 deletions libbeat/common/seccomp/policy_linux_386.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ func init() {
"chown",
"clock_gettime",
"clone",
"clone3",
"close",
"dup",
"dup2",
Expand Down
1 change: 1 addition & 0 deletions libbeat/common/seccomp/policy_linux_amd64.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ func init() {
"chown",
"clock_gettime",
"clone",
"clone3",
"close",
"connect",
"dup",
Expand Down

0 comments on commit 2f913f7

Please sign in to comment.