config-linux.md: formalize the order of seccomp.syscalls
Corresponds to the behavior of existing implementations such as runc

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda committed Sep 2, 2022
1 parent 86290f6 commit 1770f63
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions config-linux.md
Expand Up @@ -718,6 +718,7 @@ The following parameters can be specified to set up seccomp:
This field MUST NOT be set if `listenerPath` is not set.

* **`syscalls`** *(array of objects, OPTIONAL)* - match a syscall in seccomp.
When the syscall matches multiple entries, only the first entry is effective.
While this property is OPTIONAL, some values of `defaultAction` are not useful without `syscalls` entries.
For example, if `defaultAction` is `SCMP_ACT_KILL` and `syscalls` is empty or unset, the kernel will kill the container process on its first syscall.
Each entry has the following structure:
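Review bot: The added sentence "When the syscall matches multiple entries, only the first entry is effective." carries no normative keyword, unlike the neighbouring "MUST NOT" and "OPTIONAL" wording, so it reads as an observation rather than a requirement a runtime can be checked against. Since the commit title is about formalizing the order, consider saying explicitly that "first" means position in the `syscalls` array and phrasing it as a requirement, for example "the runtime MUST apply only the first matching entry, in array order". The sentence also leaves "matches" undefined: it should say whether a match is decided by the syscall alone or by everything in the entry's structure, because the two readings pick different entries when entries overlap. As a small style point, "a syscall" reads better than "the syscall" here, since no particular syscall has been introduced.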