]> git.proxmox.com Git - mirror_lxc.git/blobdiff - doc/examples/seccomp-v2-blacklist.conf
projects / mirror_lxc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
seccomp: extend manpage, and add examples
[mirror_lxc.git] / doc / examples / seccomp-v2-blacklist.conf
diff --git a/doc/examples/seccomp-v2-blacklist.conf b/doc/examples/seccomp-v2-blacklist.conf
new file mode 100644 (file)
index 0000000..1a9222c
--- /dev/null
+++ b/doc/examples/seccomp-v2-blacklist.conf
@@ -0,0 +1,8 @@
+2
+blacklist
+# v2 allows comments after the second line, with '#' in first column,
+# blacklist will allow syscalls by default
+# if 'errno 0' was not appended to 'mknod' below, then the task would
+# simply be killed when it tried to mknod.  'errno 0' means do not allow
+# the container to mknod, but immediately return 0.
+mknod errno 0
LXC mirror