From c8efe3215d255f2c4f33cf939c6bc01e790a7c3d Mon Sep 17 00:00:00 2001
From: Andrew Stucki
Date: Mon, 20 Jul 2020 08:35:53 -0400
Subject: [PATCH 1/3] Fix fchmod syscall seccomp policy
---
 libbeat/common/seccomp/policy_linux_386.go | 1 +
 libbeat/common/seccomp/policy_linux_amd64.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index acbc69ddd1f..01accee41ff 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -46,6 +46,7 @@ func init() {
 "exit_group",
 "fchdir",
 "fchmod",
+ "fchmodat",
 "fchown32",
 "fcntl",
 "fcntl64",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index bf1e4bc31c5..00ee86576b8 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
@@ -51,6 +51,7 @@ func init() {
 "exit_group",
 "fchdir",
 "fchmod",
+ "fchmodat",
 "fchown",
 "fcntl",
 "fdatasync",
From fa9adaa68b09a4cc22d5df7c2cb47f224ebb642b Mon Sep 17 00:00:00 2001
From: Andrew Stucki
Date: Mon, 20 Jul 2020 08:51:10 -0400
Subject: [PATCH 2/3] Fix chown
---
 libbeat/common/seccomp/policy_linux_386.go | 1 +
 libbeat/common/seccomp/policy_linux_amd64.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go
index 01accee41ff..796b071a104 100644
--- a/libbeat/common/seccomp/policy_linux_386.go
+++ b/libbeat/common/seccomp/policy_linux_386.go
@@ -48,6 +48,7 @@ func init() {
 "fchmod",
 "fchmodat",
 "fchown32",
+ "fchownat",
 "fcntl",
 "fcntl64",
 "fdatasync",
diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go
index 00ee86576b8..4246e6a1a51 100644
--- a/libbeat/common/seccomp/policy_linux_amd64.go
+++ b/libbeat/common/seccomp/policy_linux_amd64.go
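Review bot: The `"fchmodat"` and `"fchownat"` entries added inside `init()` in policy_linux_386.go and policy_linux_amd64.go (both hunks of patch 1/3 and both hunks of patch 2/3) extend what appears to be the allowed-syscall list without a comment naming the caller that needs them, so a later audit of the filter cannot tell whether they are still required. Going by the changelog entry, they are presumably reached through the Go `chmod`/`chown` wrappers; a line such as `// fchmodat, fchownat: needed for chmod/chown calls (pull 20054); confirm before removing` beside the entries would record that. The two per-architecture lists are edited by hand, so a small test that loads the policy and then calls `os.Chmod` and `os.Chown` on a temporary file would catch the next omission on either architecture. `init()` starts and ends outside every hunk, so it cannot be seen here whether the path-based `chmod`/`chown` entries were already present or whether other policy files need the same additions.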
@@ -53,6 +53,7 @@ func init() {
 "fchmod",
 "fchmodat",
 "fchown",
+ "fchownat",
 "fcntl",
 "fdatasync",
 "flock",
From 07cfafb516526abfffbfe1ff75f2eef2143a3688 Mon Sep 17 00:00:00 2001
From: Andrew Stucki
Date: Mon, 20 Jul 2020 08:56:33 -0400
Subject: [PATCH 3/3] Add changelog entry
---
 CHANGELOG.next.asciidoc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 947321a8fab..ac1904a069a 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -147,6 +147,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix config reload metrics (`libbeat.config.module.start/stops/running`). {pull}19168[19168]
 - Fix metrics hints builder to avoid wrong container metadata usage when port is not exposed {pull}18979[18979]
 - Server-side TLS config now validates certificate and key are both specified {pull}19584[19584]
+- Fix seccomp policy for calls to `chmod` and `chown`. {pull}20054[20054]
 *Auditbeat*