From 4dac32e26673e2c9c2b9faf322777894a4d59443 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Sun, 27 Nov 2022 16:43:09 -0500 Subject: [PATCH] Add clock_nanosleep to seccomp allowlist Fixes #33792 --- CHANGELOG.next.asciidoc | 1 + libbeat/common/seccomp/policy_linux_386.go | 1 + libbeat/common/seccomp/policy_linux_amd64.go | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5b40f808c12a..a6126caeba94 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -47,6 +47,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff] - Keep `orchestrator.cluster.name` if `kubeconfig` is not returned in GKE metadata. {pull}33418[33418] - Fix Windows service install/uninstall when Win32_Service returns error, add logic to wait until the Windows Service is stopped before proceeding. {pull}33322[33322] - Support for multiline zookeeper logs {issue}2496[2496] +- Allow `clock_nanosleep` in the default seccomp profiles for amd64 and 386. Newer versions of glibc (e.g. 2.31) require it. {issue}33792[33792] *Auditbeat* diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go index d333394aea73..5a7227010601 100644 --- a/libbeat/common/seccomp/policy_linux_386.go +++ b/libbeat/common/seccomp/policy_linux_386.go @@ -34,6 +34,7 @@ func init() { "chmod", "chown", "clock_gettime", + "clock_nanosleep", "clone", "clone3", "close", diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go index 356fb31fe8df..54a2ec86ad13 100644 --- a/libbeat/common/seccomp/policy_linux_amd64.go +++ b/libbeat/common/seccomp/policy_linux_amd64.go @@ -37,6 +37,7 @@ func init() { "chmod", "chown", "clock_gettime", + "clock_nanosleep", "clone", "clone3", "close",