From 7b18fd9382d706a03c09ab56b60c53f96cc86017 Mon Sep 17 00:00:00 2001
From: xiadanni
Date: Wed, 8 Sep 2021 12:59:53 +0800
Subject: [PATCH] docker:add clone3 to seccomp whitelist to fix curl failed in X86
After kernel upgrade to 5.10, clone3 is defined. But if clone3 is not added to docker seccomp whitelist, clone3 calling will be rejected in container, which causes some commands like curl returns error.
Signed-off-by: xiadanni
---
 VERSION-openeuler | 2 +-
 docker.spec | 8 ++++-
 git-commit | 2 +-
 ...3-to-seccomp-whitelist-to-fix-curl-f.patch | 30 +++++++++++++++++++
 series.conf | 1 +
 5 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
diff --git a/VERSION-openeuler b/VERSION-openeuler
index 3dce88b..5c640dd 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-18.09.0.116
+18.09.0.117
diff --git a/docker.spec b/docker.spec
index 5479689..8047210 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 116
+Release: 117
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -212,6 +212,12 @@ fi
 %endif
 %changelog
+* Wed Sep 08 2021 xiadanni - 18.09.0-117
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add clone3 to seccomp whitelist to fix curl failed in X86
+
 * Fri Sep 03 2021 chenjiankun - 18.09.0-116
 - Type:bugfix
 - CVE:NA
diff --git a/git-commit b/git-commit
index a4b8a7d..25d592d 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-fe98eb898c92a27f02439bc043b071aaadaf3f6e
+cfb8513e11e19660d19486f6a4ac25516f1413cd
diff --git a/patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch b/patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
new file mode 100644
index 0000000..de46a50
--- /dev/null
+++ b/patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
@@ -0,0 +1,30 @@
+From 376f6a9de2dcbf9605c23409a880eb3534af6ffa Mon Sep 17 00:00:00 2001
+From: xiadanni
+Date: Wed, 8 Sep 2021 09:04:31 +0800
+Subject: [PATCH] docker: add clone3 to seccomp whitelist to fix curl failed in
+ X86
+
+After kernel upgrade to 5.10, clone3 is defined. But if clone3 is not added
+to docker seccomp whitelist, clone3 calling will be rejected in container, which
+causes some commands like curl returns error.
+
+Signed-off-by: xiadanni
+---
+ components/engine/profiles/seccomp/seccomp_default.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
+index 60550124..ac81c2e0 100644
+--- a/components/engine/profiles/seccomp/seccomp_default.go
++++ b/components/engine/profiles/seccomp/seccomp_default.go
+@@ -449,6 +449,7 @@ func DefaultProfile() *types.Seccomp {
+ {
+ Names: []string{
+ "modify_ldt",
++ "clone3",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+--
+2.27.0
+
diff --git a/series.conf b/series.conf
index 09b3213..743320f 100644
--- a/series.conf
+++ b/series.conf
@@ -189,4 +189,5 @@ patch/0188-docker-check-containerd-pid-before-kill-it.patch
 patch/0189-docker-fix-Access-to-remapped-root-allows-privilege-.patch
 patch/0190-docker-fix-CVE-2021-21285.patch
 patch/0191-rollback-if-docker-restart-when-doing-BlkDiscard.patch
+patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
 #end
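Review bot: Adding `"clone3"` to this unconditional `types.ActAllow` group (the inner hunk at seccomp_default.go line 449) sidesteps the argument filtering the profile applies to `clone`: clone3 receives its flags in a userspace `struct clone_args` that seccomp cannot inspect, so the namespace-creating flags the profile's `clone` rule masks out for containers without CAP_SYS_ADMIN are no longer checked on the clone3 path. The fix upstream moby adopted for the same curl breakage was to deny clone3 with ENOSYS instead of allowing it, so that glibc's wrapper falls back to the filtered `clone` syscall; here that would be a separate entry `Names: []string{"clone3"}, Action: types.ActErrno` with the errno set to ENOSYS rather than an addition to the modify_ldt group. Whether this tree's `types.Syscall` can carry an explicit errno value needs checking — as I recall the runtime defaults ActErrno to EPERM, which does not trigger the glibc fallback, so a plain ActErrno entry may not restore curl on its own. DefaultProfile, this group's Includes filter and the `clone` rule all lie outside the hunk, so the effective scope of the allow should be confirmed against the full file. If the unconditional allow is kept, it should at least be explained in place, e.g. `// clone3 flags live in a user-space struct and are not filterable; see the clone rule below`.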