From 9095dbb283e5fe1c6248e6187e10cc20f47f1ef9 Mon Sep 17 00:00:00 2001
From: Andrea Manzini <andrea.manzini@suse.com>
Date: Tue, 8 Jul 2025 15:37:45 +0200
Subject: [PATCH] Make bpf filter compilation deterministic

replaced HashMap with BTreeMap in the bpf filter compiler

Signed-off-by: Andrea Manzini <ilmanzo@gmail.com>
---
 src/seccompiler/src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/seccompiler/src/lib.rs b/src/seccompiler/src/lib.rs
index ecd157c4449..93b9dac2732 100644
--- a/src/seccompiler/src/lib.rs
+++ b/src/seccompiler/src/lib.rs
@@ -1,7 +1,7 @@
 // Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use std::collections::HashMap;
+use std::collections::BTreeMap;
 use std::fs::File;
 use std::io::{Read, Seek};
 use std::os::fd::{AsRawFd, FromRawFd};
@@ -91,7 +91,7 @@ pub fn compile_bpf(
     // SAFETY: Safe because the parameters are valid.
     let mut memfd = unsafe { File::from_raw_fd(memfd_fd) };
 
-    let mut bpf_map: HashMap<String, Vec<u64>> = HashMap::new();
+    let mut bpf_map: BTreeMap<String, Vec<u64>> = BTreeMap::new();
     for (name, filter) in bpf_map_json.0.iter() {
         let default_action = filter.default_action.to_scmp_type();
         let filter_action = filter.filter_action.to_scmp_type();