From 566953194639bb74fba531c86441c9ab7027688f Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Sat, 9 Dec 2023 22:11:13 -0500
Subject: [PATCH] Allow chroot() syscall

Now that pivot_root() is used instead of chroot(), allowing chroot() is
safe.
---
 runtime/init-container/src/seccomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/runtime/init-container/src/seccomp.c b/runtime/init-container/src/seccomp.c
index 760c9fca..7017554b 100644
--- a/runtime/init-container/src/seccomp.c
+++ b/runtime/init-container/src/seccomp.c
@@ -37,6 +37,7 @@ static const char *allow_syscalls[] = {
     "chmod",
     "chown",
     "chown32",
+    "chroot",
     "clock_adjtime",
     "clock_adjtime64",
     "clock_getres",