[mirror_lxc.git] / doc / examples / seccomp-v2-denylist.conf

2
denylist
# v2 allows comments after the second line, with '#' in first column,
# denylist will allow syscalls by default
# if 'errno 0' was not appended to 'mknod' below, then the task would
# simply be killed when it tried to mknod.  'errno 0' means do not allow
# the container to mknod, but immediately return 0.
mknod errno 0
Commit	Line	Data
a7c27357	1	2
78522aa9	2	denylist
a7c27357	3	# v2 allows comments after the second line, with '#' in first column,
78522aa9	4	# denylist will allow syscalls by default
a7c27357 SH	5	# if 'errno 0' was not appended to 'mknod' below, then the task would
	6	# simply be killed when it tried to mknod. 'errno 0' means do not allow
	7	# the container to mknod, but immediately return 0.
	8	mknod errno 0