From a4fcef0295bb215df635f78cdd71aa58f022dec0 Mon Sep 17 00:00:00 2001
From: Arnaud Lefebvre
Date: Mon, 11 Oct 2021 14:51:24 +0200
Subject: [PATCH] seccomp: allow clone3 syscall for x86 (#28117)

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted
See https://github.com/elastic/apm-server/issues/6238 for more details
---
 CHANGELOG.next.asciidoc | 1 +
 libbeat/common/seccomp/policy_linux_386.go | 1 +
 libbeat/common/seccomp/policy_linux_amd64.go | 1 +
 3 files changed, 3 insertions(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 6122d6f38b8..72372adc4b9 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -211,6 +211,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 as gauges (rather than counters). {pull}22877[22877]
 - Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901]
 - Fix handling of float data types within processors. {issue}28279[28279] {pull}28280[28280]
+- Allow `clone3` syscall in seccomp filters. {pull}28117[28117]
 
 *Auditbeat*
 
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index 796b071a104..40b49113b73 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -35,6 +35,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "dup",
 "dup2",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index 4246e6a1a51..6096b37bb32 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -38,6 +38,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "connect",
 "dup",
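Review bot: The new `"clone3"` entry in the allow list of policy_linux_386.go (and the identical one in policy_linux_amd64.go) carries no comment saying why it is allowed or what that costs the policy. clone3 passes its flags through a pointer to `struct clone_args`, which a seccomp-BPF filter cannot dereference, so unlike `clone` it can never be restricted by flag value. As far as the hunk shows, `clone` is also allowed by bare name, so nothing is widened today, but that would change if `clone` were ever argument-filtered. I would record this on the entry itself, e.g. `"clone3", // glibc >= 2.34 pthread_create; flags live in struct clone_args and cannot be filtered by seccomp`. The enclosing `init()` starts and ends outside both hunks, so the policy's default action and any argument rules are not visible here.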