From 2f913f72ed371cfe1a1ecf4f272dbfcf9007f4dc Mon Sep 17 00:00:00 2001 From: Arnaud Lefebvre Date: Mon, 11 Oct 2021 14:51:24 +0200 Subject: [PATCH] seccomp: allow clone3 syscall for x86 (#28117) clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See https://github.com/elastic/apm-server/issues/6238 for more details (cherry picked from commit 82507fda20bee46cee4808d388a0c809dd01ff13) --- CHANGELOG.next.asciidoc | 3 +++ libbeat/common/seccomp/policy_linux_386.go | 1 + libbeat/common/seccomp/policy_linux_amd64.go | 1 + 3 files changed, 5 insertions(+)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 0a9d351f897..0b97955e88b 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -137,6 +137,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Preserve annotations in a kubernetes namespace metadata {pull}27045[27045]
 - Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]
 - Fix build constraint that caused issues with doc builds. {pull}27381[27381]
+- Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901]
+- Fix handling of float data types within processors. {issue}28279[28279] {pull}28280[28280]
+- Allow `clone3` syscall in seccomp filters. {pull}28117[28117]
 *Auditbeat*
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index 796b071a104..40b49113b73 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -35,6 +35,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "dup",
 "dup2",
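Review bot: The added `"clone3",` entry in policy_linux_386.go (and the identical line in the policy_linux_amd64.go hunk) permits the syscall unconditionally, and unlike `clone` its flags are passed in a struct behind a pointer, which a seccomp BPF filter cannot inspect. Since `clone` is already listed as a bare name this does not appear to widen the policy today, but any later attempt to restrict clone flags (for example to block new namespaces) would leave clone3 as an unfiltered path. A comment on the line would record both the reason and the limitation, e.g. `"clone3", // glibc >= 2.34 pthread_create; args live in a struct, so seccomp cannot filter them`. If argument filtering is ever wanted, the usual alternative is to return ENOSYS for clone3 so that glibc falls back to `clone`. The init() body starts and ends outside the hunk, so the list's action and any per-syscall conditions are inferred from the commit message rather than seen.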
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index 4246e6a1a51..6096b37bb32 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -38,6 +38,7 @@ func init() {
 "chown",
 "clock_gettime",
 "clone",
+ "clone3",
 "close",
 "connect",
 "dup",