Merge "Allow Landlock Syscalls" into main

commit: c08ece9fa74ba04e49f7aac422f452c48a701c0a [log] [tgz]
author: Ben Scarlato <akhna@google.com> Mon Mar 24 12:30:24 2025 -0700
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Mar 24 12:30:24 2025 -0700
tree: d7fd44fdd144b876dd93749e5576e85bc0c883ea
parent: 66cd723f518398a51174cad216bfb74f95f763eb [diff]
parent: ba0301243404cd599583a908077ebb39dd237a27 [diff]
diff --git a/libc/SECCOMP_ALLOWLIST_COMMON.TXT b/libc/SECCOMP_ALLOWLIST_COMMON.TXT
index b921aae..41db4e8 100644
--- a/libc/SECCOMP_ALLOWLIST_COMMON.TXT
+++ b/libc/SECCOMP_ALLOWLIST_COMMON.TXT

@@ -79,3 +79,8 @@
 # support seems potentially useful for Android (though the struct that
 # changes size over time is obviously problematic).
 clone3(clone_args*, size_t) all
+# Since 5.13, not in glibc. Probed for and conditionally used by
+# Chrome GPU processes.
+landlock_add_rule(int, uint64_t, const void*, uint32_t) all
+landlock_create_ruleset(const landlock_ruleset_attr*, size_t, uint64_t) all
+landlock_restrict_self(int, uint64_t) all
commit	c08ece9fa74ba04e49f7aac422f452c48a701c0a	[log] [tgz]
author	Ben Scarlato <akhna@google.com>	Mon Mar 24 12:30:24 2025 -0700
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Mar 24 12:30:24 2025 -0700
tree	d7fd44fdd144b876dd93749e5576e85bc0c883ea
parent	66cd723f518398a51174cad216bfb74f95f763eb [diff]
parent	ba0301243404cd599583a908077ebb39dd237a27 [diff]