Merge pull request #18959 from justincormack/finit_module

Deny finit_module in default seccomp profile
Upstream-commit: ad8bce2ce4e27f7484fc65a3e6b9bf111793a263
Component: engine

components/engine/daemon/execdriver/native/seccomp_default.go

@@ -77,6 +77,12 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Errno,
 			Args:   []*configs.Arg{},
 		},
+		{
+			// Deny manipulation and functions on kernel modules.
+			Name:   "finit_module",
+			Action: configs.Errno,
+			Args:   []*configs.Arg{},
+		},
 		{
 			// Deny retrieval of exported kernel and module symbols
 			Name:   "get_kernel_syms",