From 5efc4609bdfb3db976f0e73f9da7148147d28eee Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Wed, 21 Mar 2018 17:26:15 +0000
Subject: [PATCH] seccomp: include ARM cacheflush in @default

Whitelist the cacheflush system call, so that applications using it
don't trigger a segfault when run under systemd-nspawn.
---
 src/shared/seccomp-util.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 220658b3a..e244da0e4 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -273,6 +273,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 .name = "@default",
                 .help = "System calls that are always permitted",
                 .value =
+                "cacheflush\0"
                 "clock_getres\0"
                 "clock_gettime\0"
                 "clock_nanosleep\0"
-- 
2.16.2