configs: block sched_setaffinity where max_cpus is used

configs/bash-with-fake-geteuid.cfg

@@ -176,7 +176,7 @@ mount {
 }
 
 seccomp_string: "ERRNO(1337) { geteuid }	"
-seccomp_string: "ERRNO(0) { ptrace }		"
+seccomp_string: "ERRNO(1) { ptrace, sched_setaffinity }		"
 seccomp_string: "KILL_PROCESS { syslog }		"
 seccomp_string: "DEFAULT ALLOW			"
 

configs/xchat-with-net.cfg

@@ -133,12 +133,15 @@ mount {
 	is_bind: true
 }
 
-seccomp_string: "KILL_PROCESS {"
-seccomp_string: "	ptrace,"
-seccomp_string: "	process_vm_readv,"
-seccomp_string: "	process_vm_writev"
-seccomp_string: "}"
-seccomp_string: "DEFAULT ALLOW"
+seccomp_string: "KILL_PROCESS {			"
+seccomp_string: "	ptrace,				"
+seccomp_string: "	process_vm_readv,	"
+seccomp_string: "	process_vm_writev	"
+seccomp_string: "},						"
+seccomp_string: "ERRNO(1) {				"
+seccomp_string: "	sched_setaffinity	"
+seccomp_string: "}						"
+seccomp_string: "DEFAULT ALLOW			"
 
 exec_bin {
         path: "/usr/bin/xchat"

configs/znc-with-net.cfg

@@ -15,6 +15,7 @@ cwd: "/home/znc"
 daemon: true
 
 time_limit: 0
+max_cpus: 1
 
 envar: "HOME=/home/znc"
 envar: "TMP=/tmp"
@@ -122,12 +123,15 @@ mount {
 	mandatory: true
 }
 
-seccomp_string: "KILL_PROCESS {"
-seccomp_string: "	ptrace,"
-seccomp_string: "	process_vm_readv,"
-seccomp_string: "	process_vm_writev"
-seccomp_string: "}"
-seccomp_string: "DEFAULT ALLOW"
+seccomp_string: "KILL_PROCESS {			"
+seccomp_string: "	ptrace,				"
+seccomp_string: "	process_vm_readv,	"
+seccomp_string: "	process_vm_writev	"
+seccomp_string: "},						"
+seccomp_string: "ERRNO(1) {				"
+seccomp_string: "	sched_setaffinity	"
+seccomp_string: "}						"
+seccomp_string: "DEFAULT ALLOW			"
 
 exec_bin {
 	path: "/usr/bin/znc"