From 9ebd498a55fa87129cdc60cdc3bca66f26c49454 Mon Sep 17 00:00:00 2001
From: Robert Tonic
Date: Tue, 24 Sep 2019 18:37:25 -0400
Subject: [PATCH] Remove unecessary seccomp permission.

This removes the F_DUPFD_CLOEXEC support for the gofer, previously required when depending on the STL net package.
---
 runsc/fsgofer/filter/config.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go
index 8989cdb2f..a3f104a58 100644
--- a/runsc/fsgofer/filter/config.go
+++ b/runsc/fsgofer/filter/config.go
@@ -83,10 +83,6 @@ var allowedSyscalls = seccomp.SyscallRules{
 seccomp.AllowAny{},
 seccomp.AllowValue(syscall.F_GETFD),
 },
- {
- seccomp.AllowAny{},
- seccomp.AllowValue(syscall.F_DUPFD_CLOEXEC),
- },
 },
 syscall.SYS_FSTAT: {},
 syscall.SYS_FSTATFS: {},