From aa10e60371c784c7431acdb6b81b0dadac19a0c9 Mon Sep 17 00:00:00 2001
From: Michael Wolf
Date: Wed, 9 Oct 2024 19:04:57 -0700
Subject: [PATCH] revert seccomp change
---
 x-pack/auditbeat/processors/sessionmd/types/process.go | 1 -
 x-pack/auditbeat/seccomp_linux.go | 1 -
 2 files changed, 2 deletions(-)
diff --git a/x-pack/auditbeat/processors/sessionmd/types/process.go b/x-pack/auditbeat/processors/sessionmd/types/process.go
index ee05206636d..a437f35310f 100644
--- a/x-pack/auditbeat/processors/sessionmd/types/process.go
+++ b/x-pack/auditbeat/processors/sessionmd/types/process.go
@@ -451,7 +451,6 @@ func (p *Process) ToMap() mapstr.M {
 if p.End != nil {
 process.Put("end", p.End)
 }
- // TODO: are other Ends needed, ancestors shouldn't end before process
 return process
 }
diff --git a/x-pack/auditbeat/seccomp_linux.go b/x-pack/auditbeat/seccomp_linux.go
index 00184b409e0..4eb0529def0 100644
--- a/x-pack/auditbeat/seccomp_linux.go
+++ b/x-pack/auditbeat/seccomp_linux.go
@@ -27,7 +27,6 @@ func init() {
 // The system/socket dataset uses additional syscalls
 if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall,
- "eventfd2",
 "mount",
 "mq_open", // required for creds kprobe guess trigger.
 "perf_event_open",