From 5c0c1eed40140aacb67f53f8682bcc672929967c Mon Sep 17 00:00:00 2001
From: Paulo Gomes <pjbgf@linux.com>
Date: Thu, 17 Oct 2019 09:59:47 +0100
Subject: [PATCH] Remove ptrace from blocked syscalls

Update documentation to reflect that ptrace is no longer blocked on the default profile.

More information:
https://github.com/moby/moby/commit/1124543ca8071074a537a15db251af46a5189907#diff-0ebf5796a57d68894d5550c407061035
---
 engine/security/seccomp.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/engine/security/seccomp.md b/engine/security/seccomp.md
index c001f28c7a..f552c12ebd 100644
--- a/engine/security/seccomp.md
+++ b/engine/security/seccomp.md
@@ -94,7 +94,6 @@ the reason each syscall is blocked rather than white-listed.
 | `pivot_root`        | Deny `pivot_root`, should be privileged operation.                                                           |
 | `process_vm_readv`  | Restrict process inspection capabilities, already blocked by dropping `CAP_PTRACE`.                          |
 | `process_vm_writev` | Restrict process inspection capabilities, already blocked by dropping `CAP_PTRACE`.                          |
-| `ptrace`            | Tracing/profiling syscall, which could leak a lot of information on the host. Already blocked by dropping `CAP_PTRACE`. |
 | `query_module`      | Deny manipulation and functions on kernel modules. Obsolete.                                                  |
 | `quotactl`          | Quota syscall which could let containers disable their own resource limits or process accounting. Also gated by `CAP_SYS_ADMIN`. |
 | `reboot`            | Don't let containers reboot the host. Also gated by `CAP_SYS_BOOT`.                                           |