seccomp: allowlist uretprobe() syscall

This is a new syscall provided by the kernel used to implement faster
uprobes. It's not supposed to be called by userspace, but only by kernel
generated uprobe code.

It should be fine to allow this, as the kernel authenticates the
invocation itself, and we shouldn't break compat with things.

Note that this allowlisting is not sufficient to make ureprobe() work.
libseccomp must be tought the syscall too, but this can happen
independently.

Fixes: #34615

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index b251e396727f5e9080a94ffef9b9cac20b4fd5ac..bd1bd5c0e3f24cd721417cc867c31e79f1e593bd 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -382,6 +382,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "sigreturn\0"
                 "time\0"
                 "ugetrlimit\0"
+                "uretprobe\0"
         },
         [SYSCALL_FILTER_SET_AIO] = {
                 .name = "@aio",