common/seccomp: add rseq syscall (#30620)

belimawr · web-flow · commit f02fa32e0a37 · 2022-03-02T15:43:54.000+01:00
rseq syscall is available on glibc >= 2.35, and called when CGO is used. If we don't allow rseq, Beats will eventually crash with an glibc error: `Fatal glibc error: rseq registration failed`. Fixes: #30576
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -43,6 +43,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif
 - Fix a logging bug when `ssl.verification_mode` was set to `full` or `certificate`, the command `test output` incorrectly logged that TLS was disabled.
 - Fix the ability for subcommands to be ran properly from the beats containers. {pull}30452[30452]
 - Update docker/distribution dependency library to fix a security issues concerning OCI Manifest Type Confusion Issue. {pull}30462[30462]
+- Fixes Beats crashing when glibc >= 2.35 is used {issue}30576[30576]
 
 *Auditbeat*
 
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
@@ -100,6 +100,7 @@ func init() {
 					"rename",
 					"renameat",
 					"restart_syscall",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -112,6 +112,7 @@ func init() {
 					"recvmsg",
 					"rename",
 					"renameat",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",
diff --git a/libbeat/common/seccomp/seccomp-profiler-allow.txt b/libbeat/common/seccomp/seccomp-profiler-allow.txt
@@ -3,6 +3,7 @@ mprotect
 set_robust_list
 tgkill
 time
+rseq
 
 # cgo os/user
 access
