seccomp: add swapcontext into @process for ppc32

There are some modern programming languages use userspace context switches
to implement coroutine features. PowerPC (32-bit) needs syscall "swapcontext" to get
contexts or switch between contexts, which is special.

Adding this rule should fix #9485.

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index c433cb90dceca639fe77b3e25f4d59de91852b78..ade3c656af60fa957c7fb903eae878f04f69054a 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -651,6 +651,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "rt_sigqueueinfo\0"
                 "rt_tgsigqueueinfo\0"
                 "setns\0"
+                "swapcontext\0" /* Some archs e.g. powerpc32 are using it to do userspace context switches */
                 "tgkill\0"
                 "times\0"
                 "tkill\0"