bump custom-docker-with-unrestricted-personality.patch to Debian 13

Author: robertkirkman

README.md

@@ -71,7 +71,7 @@ docker run -it --security-opt seccomp:unconfined termux/termux-docker:aarch64
 Variant with custom build of Docker:
 
 > [!NOTE]
-> Example with Debian bookworm `armhf` host and the `docker.io` package. Assumes that [`deb-src` URIs](https://wiki.debian.org/Packaging/SourcePackage?action=show&redirect=SourcePackage#With_apt-get_source) and the [`devscripts` package](https://wiki.debian.org/Packaging#Suggested_tools_to_create_an_environment_for_packaging) are already installed, and that the current user is a member of the `docker` group.
+> Example with Debian trixie `armhf` host and the `docker.io` package. Assumes that [`deb-src` URIs](https://wiki.debian.org/Packaging/SourcePackage?action=show&redirect=SourcePackage#With_apt-get_source) and the [`devscripts` package](https://wiki.debian.org/Packaging#Suggested_tools_to_create_an_environment_for_packaging) are already installed, and that the current user is a member of the `docker` group.
 
 ```.sh
 sudo apt build-dep docker.io

custom-docker-with-unrestricted-personality.patch

@@ -1,8 +1,8 @@
 This removes all restrictions from the personality() system call from within Docker, and
 is only necessary on some specific devices, including some ARM devices but not all ARM devices,
 and only when the --privileged and --security-opt arguments are either not working or not desired,
-which sometimes happens. This patch is designed for the docker.io package version 20.10.24 in
-Debian bookworm: https://packages.debian.org/bookworm/docker.io, but also works when rebased on other
+which sometimes happens. This patch is designed for the docker.io package version 26.1.5 in
+Debian trixie: https://packages.debian.org/trixie/docker.io, but also works when rebased on other
 versions of Docker.
 
 --- a/engine/oci/fixtures/default-old-format.json
@@ -135,7 +135,7 @@ versions of Docker.
  			"excludes": {}
 --- a/engine/profiles/seccomp/default.json
 +++ b/engine/profiles/seccomp/default.json
-@@ -422,77 +422,7 @@
+@@ -441,65 +441,7 @@
  				"personality"
  			],
  			"action": "SCMP_ACT_ALLOW",
@@ -145,10 +145,7 @@ versions of Docker.
 -					"value": 0,
 -					"op": "SCMP_CMP_EQ"
 -				}
--			],
--			"comment": "",
--			"includes": {},
--			"excludes": {}
+-			]
 -		},
 -		{
 -			"names": [
@@ -161,10 +158,7 @@ versions of Docker.
 -					"value": 8,
 -					"op": "SCMP_CMP_EQ"
 -				}
--			],
--			"comment": "",
--			"includes": {},
--			"excludes": {}
+-			]
 -		},
 -		{
 -			"names": [
@@ -177,10 +171,7 @@ versions of Docker.
 -					"value": 131072,
 -					"op": "SCMP_CMP_EQ"
 -				}
--			],
--			"comment": "",
--			"includes": {},
--			"excludes": {}
+-			]
 -		},
 -		{
 -			"names": [
@@ -193,10 +184,7 @@ versions of Docker.
 -					"value": 131080,
 -					"op": "SCMP_CMP_EQ"
 -				}
--			],
--			"comment": "",
--			"includes": {},
--			"excludes": {}
+-			]
 -		},
 -		{
 -			"names": [
@@ -209,72 +197,79 @@ versions of Docker.
 -					"value": 4294967295,
 -					"op": "SCMP_CMP_EQ"
 -				}
--			],
-+			"args": [],
- 			"comment": "",
- 			"includes": {},
- 			"excludes": {}
+-			]
++			"args": []
+ 		},
+ 		{
+ 			"names": [
 --- a/engine/profiles/seccomp/default_linux.go
 +++ b/engine/profiles/seccomp/default_linux.go
-@@ -424,57 +424,7 @@ func DefaultProfile() *Seccomp {
- 		{
- 			Names:  []string{"personality"},
- 			Action: specs.ActAllow,
--			Args: []*specs.LinuxSeccompArg{
--				{
--					Index: 0,
--					Value: 0x0,
--					Op:    specs.OpEqualTo,
+@@ -435,65 +435,6 @@ func DefaultProfile() *Seccomp {
+ 			LinuxSyscall: specs.LinuxSyscall{
+ 				Names:  []string{"personality"},
+ 				Action: specs.ActAllow,
+-				Args: []specs.LinuxSeccompArg{
+-					{
+-						Index: 0,
+-						Value: 0x0,
+-						Op:    specs.OpEqualTo,
+-					},
 -				},
 -			},
 -		},
 -		{
--			Names:  []string{"personality"},
--			Action: specs.ActAllow,
--			Args: []*specs.LinuxSeccompArg{
--				{
--					Index: 0,
--					Value: 0x0008,
--					Op:    specs.OpEqualTo,
+-			LinuxSyscall: specs.LinuxSyscall{
+-				Names:  []string{"personality"},
+-				Action: specs.ActAllow,
+-				Args: []specs.LinuxSeccompArg{
+-					{
+-						Index: 0,
+-						Value: 0x0008,
+-						Op:    specs.OpEqualTo,
+-					},
 -				},
 -			},
 -		},
 -		{
--			Names:  []string{"personality"},
--			Action: specs.ActAllow,
--			Args: []*specs.LinuxSeccompArg{
--				{
--					Index: 0,
--					Value: 0x20000,
--					Op:    specs.OpEqualTo,
+-			LinuxSyscall: specs.LinuxSyscall{
+-				Names:  []string{"personality"},
+-				Action: specs.ActAllow,
+-				Args: []specs.LinuxSeccompArg{
+-					{
+-						Index: 0,
+-						Value: 0x20000,
+-						Op:    specs.OpEqualTo,
+-					},
 -				},
 -			},
 -		},
 -		{
--			Names:  []string{"personality"},
--			Action: specs.ActAllow,
--			Args: []*specs.LinuxSeccompArg{
--				{
--					Index: 0,
--					Value: 0x20008,
--					Op:    specs.OpEqualTo,
+-			LinuxSyscall: specs.LinuxSyscall{
+-				Names:  []string{"personality"},
+-				Action: specs.ActAllow,
+-				Args: []specs.LinuxSeccompArg{
+-					{
+-						Index: 0,
+-						Value: 0x20008,
+-						Op:    specs.OpEqualTo,
+-					},
 -				},
 -			},
 -		},
 -		{
--			Names:  []string{"personality"},
--			Action: specs.ActAllow,
--			Args: []*specs.LinuxSeccompArg{
--				{
--					Index: 0,
--					Value: 0xffffffff,
--					Op:    specs.OpEqualTo,
+-			LinuxSyscall: specs.LinuxSyscall{
+-				Names:  []string{"personality"},
+-				Action: specs.ActAllow,
+-				Args: []specs.LinuxSeccompArg{
+-					{
+-						Index: 0,
+-						Value: 0xffffffff,
+-						Op:    specs.OpEqualTo,
+-					},
 -				},
--			},
-+			Args:   []*specs.LinuxSeccompArg{},
+ 			},
  		},
  		{
- 			Names: []string{
 --- a/engine/profiles/seccomp/fixtures/default-old-format.json
 +++ b/engine/profiles/seccomp/fixtures/default-old-format.json
 @@ -824,38 +824,7 @@
@@ -317,4 +312,3 @@ versions of Docker.
      },
      {
        "name": "pipe",
-