From a162f3c0f40ce0ca1771be20f787c72bb055bd86 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Tue, 6 Feb 2024 14:06:07 +0100
Subject: [PATCH] seccomp: add futex_wake syscall (kernel v6.7, libseccomp
 v2.5.5)

Add this syscall to match the profile in containerd

containerd: https://github.com/containerd/containerd/commit/a6e52c74fa043a63d7dae4ac6998215f6c1bb6ac
libseccomp: https://github.com/seccomp/libseccomp/commit/53267af3fb56eed93a50b8ef92f41825c97a7813
kernel: https://github.com/torvalds/linux/commit/9f6c532f59b20580acf8ede9409c9b8dce6e74e1

    futex: Add sys_futex_wake()

    To complement sys_futex_waitv() add sys_futex_wake(). This syscall
    implements what was previously known as FUTEX_WAKE_BITSET except it
    uses 'unsigned long' for the bitmask and takes FUTEX2 flags.

    The 'unsigned long' allows FUTEX2_SIZE_U64 on 64bit platforms.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d69729e0533e63a436822949b472e3fc8f7d6c40)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 profiles/seccomp/default.json     | 1 +
 profiles/seccomp/default_linux.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 3f84ad5e3c..6a608dfaae 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -136,6 +136,7 @@
 				"futex_time64",
 				"futex_wait",
 				"futex_waitv",
+				"futex_wake",
 				"futimesat",
 				"getcpu",
 				"getcwd",
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
index 1941e29248..9fa05d4b3c 100644
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@@ -128,6 +128,7 @@ func DefaultProfile() *Seccomp {
 					"futex_time64",
 					"futex_wait", // kernel v6.7, libseccomp v2.5.5
 					"futex_waitv",
+					"futex_wake", // kernel v6.7, libseccomp v2.5.5
 					"futimesat",
 					"getcpu",
 					"getcwd",