common/seccomp: add rseq syscall (#30620) (#30640)

rseq syscall is available on glibc >= 2.35, and called when CGO is
used. If we don't allow rseq, Beats will eventually crash with an
glibc error: `Fatal glibc error: rseq registration failed`.

Fixes: #30576
(cherry picked from commit f02fa32)

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

CHANGELOG.next.asciidoc

@@ -40,6 +40,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif
 - Fix a logging bug when `ssl.verification_mode` was set to `full` or `certificate`, the command `test output` incorrectly logged that TLS was disabled.
 - Fix the ability for subcommands to be ran properly from the beats containers. {pull}30452[30452]
 - Update docker/distribution dependency library to fix a security issues concerning OCI Manifest Type Confusion Issue. {pull}30462[30462]
+- Fixes Beats crashing when glibc >= 2.35 is used {issue}30576[30576]
 - Log errors when parsing and applying config blocks and if the input is disabled. {pull}30534[30534]
 
 *Auditbeat*

libbeat/common/seccomp/policy_linux_386.go

@@ -100,6 +100,7 @@ func init() {
 					"rename",
 					"renameat",
 					"restart_syscall",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",

libbeat/common/seccomp/policy_linux_amd64.go

@@ -112,6 +112,7 @@ func init() {
 					"recvmsg",
 					"rename",
 					"renameat",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",

libbeat/common/seccomp/seccomp-profiler-allow.txt

@@ -3,6 +3,7 @@ mprotect
 set_robust_list
 tgkill
 time
+rseq
 
 # cgo os/user
 access