From fc76684fd0165b30f62fa71a6cc3e5185ca382bc Mon Sep 17 00:00:00 2001
From: Sascha Grunert
Date: Fri, 13 Dec 2024 11:54:49 +0100
Subject: [PATCH] Add `chroot` to runc baseprofile
Signed-off-by: Sascha Grunert
---
 examples/apparmorprofile-sleep.yaml | 1 +
 examples/baseprofile-runc.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/examples/apparmorprofile-sleep.yaml b/examples/apparmorprofile-sleep.yaml
index 3b4dd543e1..18afe48e5a 100644
--- a/examples/apparmorprofile-sleep.yaml
+++ b/examples/apparmorprofile-sleep.yaml
@@ -19,6 +19,7 @@ spec:
 - setgid
 - setpcap
 - sys_admin
+ - sys_chroot
 executable:
 allowedExecutables:
 - /bin/busybox
diff --git a/examples/baseprofile-runc.yaml b/examples/baseprofile-runc.yaml
index 341f11f1f8..f2983f20c2 100644
--- a/examples/baseprofile-runc.yaml
+++ b/examples/baseprofile-runc.yaml
@@ -15,6 +15,7 @@ spec:
 - capget
 - capset
 - chdir
+ - chroot
 - clone
 - clone3
 - close
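Review bot: The new `sys_chroot` entry in the capability list of examples/apparmorprofile-sleep.yaml has no stated reason, and the example confines a sleep workload that presumably never calls chroot itself. If the capability is only needed by the container runtime during setup, a YAML comment above the entry such as `# sys_chroot: required by runc while setting up the container, not by the workload` would stop readers who copy the example from treating it as a workload requirement. The same gap applies to the `chroot` syscall added in examples/baseprofile-runc.yaml, where neither the file nor the commit message names the runc behaviour or failure that made it necessary. Since other profiles are likely to build on that base profile, it would also help to note there that the syscall still depends on CAP_SYS_CHROOT, so workloads that keep the capability dropped gain nothing from the wider allow-list. Both lists begin and end outside their hunks.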