From fd32c5b2300d47d51e615e689a9a3da2b196e58e Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@unikernel.com>
Date: Sun, 10 Jan 2016 12:00:11 +0000
Subject: [PATCH] Add i386 specific modify_ldt syscall to default seccomp
 filter

This syscall is used by Go on i386 binaries, although not by libc.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 13a9d4e8993997b2bf9be7e96a8d7978a73d0b9b
Component: engine
---
 .../engine/daemon/execdriver/native/seccomp_default.go      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/engine/daemon/execdriver/native/seccomp_default.go b/components/engine/daemon/execdriver/native/seccomp_default.go
index d8dfafde9b..542ee95b7e 100644
--- a/components/engine/daemon/execdriver/native/seccomp_default.go
+++ b/components/engine/daemon/execdriver/native/seccomp_default.go
@@ -1564,5 +1564,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		// i386 specific syscalls
+		{
+			Name:   "modify_ldt",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 	},
 }