From 613031b86e78760a31415d8886b68381d865b55b Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Wed, 9 Mar 2022 10:49:08 +0100
Subject: [PATCH] common/seccomp: add rseq syscall (#30620) (#30640)

rseq syscall is available on glibc >= 2.35, and called when CGO is
used. If we don't allow rseq, Beats will eventually crash with an
glibc error: `Fatal glibc error: rseq registration failed`.

Fixes: #30576
(cherry picked from commit f02fa32e0a37d6529983e2181b80bf62e4a16b41)

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>
---
 CHANGELOG.next.asciidoc                           | 1 +
 libbeat/common/seccomp/policy_linux_386.go        | 1 +
 libbeat/common/seccomp/policy_linux_amd64.go      | 1 +
 libbeat/common/seccomp/seccomp-profiler-allow.txt | 1 +
 4 files changed, 4 insertions(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 8d7e345a606c..85b6465ee498 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -40,6 +40,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif
 - Fix a logging bug when `ssl.verification_mode` was set to `full` or `certificate`, the command `test output` incorrectly logged that TLS was disabled.
 - Fix the ability for subcommands to be ran properly from the beats containers. {pull}30452[30452]
 - Update docker/distribution dependency library to fix a security issues concerning OCI Manifest Type Confusion Issue. {pull}30462[30462]
+- Fixes Beats crashing when glibc >= 2.35 is used {issue}30576[30576]
 - Log errors when parsing and applying config blocks and if the input is disabled. {pull}30534[30534]
 
 *Auditbeat*
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index 40b49113b733..d333394aea73 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -100,6 +100,7 @@ func init() {
 					"rename",
 					"renameat",
 					"restart_syscall",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index 6096b37bb329..356fb31fe8df 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -112,6 +112,7 @@ func init() {
 					"recvmsg",
 					"rename",
 					"renameat",
+					"rseq",
 					"rt_sigaction",
 					"rt_sigprocmask",
 					"rt_sigreturn",
diff --git a/libbeat/common/seccomp/seccomp-profiler-allow.txt b/libbeat/common/seccomp/seccomp-profiler-allow.txt
index e22f3db0eef1..237144d907cb 100644
--- a/libbeat/common/seccomp/seccomp-profiler-allow.txt
+++ b/libbeat/common/seccomp/seccomp-profiler-allow.txt
@@ -3,6 +3,7 @@ mprotect
 set_robust_list
 tgkill
 time
+rseq
 
 # cgo os/user
 access