Enable reading of keyring (#18594)

* [seccomp] Allow keyctl syscall

* [seccomp] Allow additional keys

Author: Furisto

components/ws-daemon/seccomp-profile-installer/main.go

@@ -39,6 +39,9 @@ func main() {
 				"setdomainname",
 				"sethostname",
 				"unshare",
+				"keyctl",
+				"add_key",
+				"request_key",
 			},
 			Action: specs.ActAllow,
 		},
@@ -54,14 +57,6 @@ func main() {
 			Names:  []string{"setns"},
 			Action: specs.ActAllow,
 		},
-		specs.LinuxSyscall{
-			Names: []string{
-				"keyctl",
-			},
-			// prevent call and return ENOSYS to make runc happy
-			// (see https://github.com/opencontainers/runc/issues/1889)
-			Action: specs.ActTrace,
-		},
 	)
 
 	err := enc.Encode(s)