diff --git a/README.md b/README.md index e5ddeea..8b593af 100644 --- a/README.md +++ b/README.md @@ -18,3 +18,4 @@ The security profile is necessary to modify the allowed syscalls. See https://bl https://github.com/jessfraz/dotfiles/blob/main/etc/docker/seccomp/chrome.json for the original source of this profile. Since then, it seems the Chromium requirements have evolved, so [another set of permissions needed to be granted](https://github.com/jlandure/alpine-chrome/issues/272). +[And another one.](https://github.com/webfactory/docker-alpine-chromium/pull/3) diff --git a/chrome.json b/chrome.json index 34234d8..ddd1d95 100644 --- a/chrome.json +++ b/chrome.json @@ -1590,6 +1590,46 @@ "name": "epoll_pwait2", "action": "SCMP_ACT_ALLOW", "args": null + }, + { + "name": "preadv2", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "pwritev2", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "pkey_alloc", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "pkey_free", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "pkey_mprotect", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "membarrier", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "rseq", + "action": "SCMP_ACT_ALLOW", + "args": null + }, + { + "name": "clone3", + "action": "SCMP_ACT_ALLOW", + "args": null } ] }