configs/imagemagick: more syscalls allowed
authorRobert Swiecki <robert@swiecki.net>
Tue, 5 Dec 2017 21:13:00 +0000 (22:13 +0100)
committerRobert Swiecki <robert@swiecki.net>
Tue, 5 Dec 2017 21:13:00 +0000 (22:13 +0100)
configs/imagemagick-convert.cfg

index dae41ab65beee9e9e3c379f3ba5d71e37304bc6c..ed95620e328d67405c6428e3571a85f5f6932e2c 100644 (file)
@@ -72,14 +72,14 @@ mount {
 
 seccomp_string: "POLICY imagemagick_convert {"
 seccomp_string: "  ALLOW {"
-seccomp_string: "    read, write, open, close, newstat, newfstat,"
+seccomp_string: "    read, write, open, openat, close, newstat, newfstat,"
 seccomp_string: "    newlstat, lseek, mmap, mprotect, munmap, brk,"
 seccomp_string: "    rt_sigaction, rt_sigprocmask, pwrite64, access,"
 seccomp_string: "    getpid, execveat, getdents, unlink, fchmod,"
 seccomp_string: "    getrlimit, getrusage, sysinfo, times, futex,"
 seccomp_string: "    arch_prctl, sched_getaffinity, set_tid_address,"
 seccomp_string: "    clock_gettime, set_robust_list, exit_group,"
-seccomp_string: "    clone, getcwd, pread64, readlink"
+seccomp_string: "    clone, getcwd, pread64, readlink, prlimit64"
 seccomp_string: "  }"
 seccomp_string: "}"
 seccomp_string: "USE imagemagick_convert DEFAULT KILL"
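Review bot: The `prlimit64` added on the last line of the ALLOW list has no argument filter, so the jailed convert process may now set resource limits as well as read them; before this change the list held only `getrlimit` and no `setrlimit`. If the syscall is needed only because libc routes getrlimit() through it (an inference, the commit message gives no reason), restrict it to the read-only form on the calling process, for example `prlimit64(pid, res, new_limit, old_limit) { pid == 0 && new_limit == 0 }`, after checking the exact form against Kafel's argument-filter grammar. An unprivileged process cannot raise a hard limit, so the exposure is bounded, but it is worth confirming that the limits nsjail applies here set the soft and hard values equal. A `#` comment above the policy would also help, such as `# openat/prlimit64: required by newer libc wrappers for open()/getrlimit(); file access is bounded by the mount block, not by this filter`, with the reason adjusted to whatever actually triggered the kill.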