[stable/datadog] Add some missing syscalls to the system-probe secc…

…omp profile (helm#21456) The added syscalls are syscalls that an unconfined `system-probe` would do. Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>
vboulineau · Mar 17, 2020 · 017b3c0 · 017b3c0
1 parent b181353
commit 017b3c0
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/stable/datadog/CHANGELOG.md b/stable/datadog/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## 2.0
 
+## 2.0.11
+
+* Add missing syscalls in the `system-probe` seccomp profile
+
 ## 2.0.10
 
 * Do not enable the `cri` check when running on a `docker` setup.

diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: datadog
-version: 2.0.10
+version: 2.0.11
 appVersion: "7"
 description: Datadog Agent
 keywords:

diff --git a/stable/datadog/templates/system-probe-configmap.yaml b/stable/datadog/templates/system-probe-configmap.yaml
@@ -40,13 +40,15 @@ data:
         {
           "names": [
             "accept4",
+            "access",
             "arch_prctl",
             "bind",
             "bpf",
             "brk",
             "capget",
             "capset",
             "chdir",
+            "clock_gettime",
             "clone",
             "close",
             "connect",
@@ -78,8 +80,12 @@ data:
             "fstat64",
             "fsync",
             "futex",
+            "getcwd",
             "getdents",
             "getdents64",
+            "getegid",
+            "geteuid",
+            "getgid",
             "getpeername",
             "getpid",
             "getppid",
@@ -96,10 +102,12 @@ data:
             "getsockopt",
             "gettid",
             "gettimeofday",
+            "getuid",
             "getxattr",
             "ioctl",
             "ipc",
             "listen",
+            "lseek",
             "lstat",
             "lstat64",
             "mkdir",
@@ -120,10 +128,14 @@ data:
             "ppoll",
             "prctl",
             "prlimit64",
+            "pselect6",
             "read",
+            "readlink",
+            "readlinkat",
             "recvfrom",
             "recvmmsg",
             "recvmsg",
+            "rename",
             "restart_syscall",
             "rmdir",
             "rt_sigaction",
@@ -134,17 +146,22 @@ data:
             "rt_sigsuspend",
             "rt_sigtimedwait",
             "rt_tgsigqueueinfo",
+            "sched_getaffinity",
+            "sched_yield",
             "seccomp",
             "select",
             "semtimedop",
             "send",
             "sendmmsg",
             "sendmsg",
             "sendto",
+            "set_robust_list",
+            "set_tid_address",
             "setgid",
             "setgid32",
             "setgroups",
             "setgroups32",
+            "setns",
             "setrlimit",
             "setsid",
             "setsidaccept4",
@@ -158,6 +175,7 @@ data:
             "stat",
             "stat64",
             "statfs",
+            "sysinfo",
             "umask",
             "uname",
             "unlink",