From 339f5cbdb95ed615372f0f153ff76d0d06faccc2 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 16 Jun 2021 12:16:41 +0200
Subject: [PATCH] seccomp: allow pkey_*

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 common/pkg/seccomp/default_linux.go | 6 +++---
 common/pkg/seccomp/seccomp.json     | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/common/pkg/seccomp/default_linux.go b/common/pkg/seccomp/default_linux.go
index fce834c582..2b6beab9b5 100644
--- a/common/pkg/seccomp/default_linux.go
+++ b/common/pkg/seccomp/default_linux.go
@@ -67,9 +67,6 @@ func DefaultProfile() *Seccomp {
 				"pciconfig_iobase",
 				"pciconfig_read",
 				"pciconfig_write",
-				"pkey_alloc",
-				"pkey_free",
-				"pkey_mprotect",
 				"rseq",
 				"sgetmask",
 				"ssetmask",
@@ -283,6 +280,9 @@ func DefaultProfile() *Seccomp {
 				"pipe",
 				"pipe2",
 				"pivot_root",
+				"pkey_alloc",
+				"pkey_free",
+				"pkey_mprotect",
 				"poll",
 				"ppoll",
 				"ppoll_time64",
diff --git a/common/pkg/seccomp/seccomp.json b/common/pkg/seccomp/seccomp.json
index 7f55ee03f0..b5cad7f736 100644
--- a/common/pkg/seccomp/seccomp.json
+++ b/common/pkg/seccomp/seccomp.json
@@ -70,9 +70,6 @@
 				"pciconfig_iobase",
 				"pciconfig_read",
 				"pciconfig_write",
-				"pkey_alloc",
-				"pkey_free",
-				"pkey_mprotect",
 				"rseq",
 				"sgetmask",
 				"ssetmask",
@@ -289,6 +286,9 @@
 				"pipe",
 				"pipe2",
 				"pivot_root",
+				"pkey_alloc",
+				"pkey_free",
+				"pkey_mprotect",
 				"poll",
 				"ppoll",
 				"ppoll_time64",