From 710b164c91424e1b96a21a0bbc3e0cbdbbe84c2d Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Mon, 16 Feb 2026 01:46:28 +0900
Subject: [PATCH] internal/pkg: allow devel syscalls

This is required by the GLib test suite, and possibly others.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 internal/pkg/exec.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/pkg/exec.go b/internal/pkg/exec.go
index 3995563..bb0c7ba 100644
--- a/internal/pkg/exec.go
+++ b/internal/pkg/exec.go
@@ -388,7 +388,8 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
 
 	z := container.New(ctx, f.GetMessage())
 	z.WaitDelay = execWaitDelay
-	z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
+	z.SeccompPresets |= std.PresetStrict &
+		^(std.PresetDenyNS | std.PresetDenyDevel)
 	z.SeccompFlags |= seccomp.AllowMultiarch
 	z.ParentPerm = 0700
 	z.HostNet = hostNet