seccomp: allow clone3 syscall for x86

BlackYoup · BlackYoup · commit 2855e0416dc6 · 2021-10-07T15:57:42.000+02:00
clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -211,6 +211,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
   as gauges (rather than counters). {pull}22877[22877]
 - Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901]
 - Fix handling of float data types within processors. {issue}28279[28279] {pull}28280[28280]
+- Allow `clone3` syscall in seccomp filters. {pull}28117[28117]
 
 *Auditbeat*
 
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
@@ -35,6 +35,7 @@ func init() {
 					"chown",
 					"clock_gettime",
 					"clone",
+					"clone3",
 					"close",
 					"dup",
 					"dup2",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -38,6 +38,7 @@ func init() {
 					"chown",
 					"clock_gettime",
 					"clone",
+					"clone3",
 					"close",
 					"connect",
 					"dup",
