seccomp-util: add cacheflush() syscall to @default syscall set

This is like membarrier() I guess and basically just exposes CPU functionality via kernel syscall on some archs. Let's whitelist it for everyone. Fixes: #17197
2026-03-06 15:02:31 -08:00 · 2020-09-29 15:59:28 +02:00
parent 4796a4fba9
commit 8e24b1d23f
1 changed files with 1 additions and 0 deletions
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -272,6 +272,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                .name = "@default",
                .help = "System calls that are always permitted",
                .value =
+                "cacheflush\0"
                "clock_getres\0"
                "clock_getres_time64\0"
                "clock_gettime\0"