docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update seccomp.md

This commit is contained in:
Almeida de Almeida 2023-11-12 11:15:29 +02:00 committed by GitHub
parent 970338ff45
commit d035738408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/engine/security/seccomp.md
View File

@ -26,7 +26,7 @@ protective while providing wide application compatibility. The default Docker
profile can be found profile can be found
[here](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json). [here](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json).
In effect, the profile is a allowlist which denies access to system calls by In effect, the profile is an allowlist which denies access to system calls by
default, then allowlists specific system calls. The profile works by defining a default, then allowlists specific system calls. The profile works by defining a
`defaultAction` of `SCMP_ACT_ERRNO` and overriding that action only for specific `defaultAction` of `SCMP_ACT_ERRNO` and overriding that action only for specific
system calls. The effect of `SCMP_ACT_ERRNO` is to cause a `Permission Denied` system calls. The effect of `SCMP_ACT_ERRNO` is to cause a `Permission Denied`
@ -117,4 +117,4 @@ profile.
```console ```console
$ docker run --rm -it --security-opt seccomp=unconfined debian:jessie \ $ docker run --rm -it --security-opt seccomp=unconfined debian:jessie \
unshare --map-root-user --user sh -c whoami unshare --map-root-user --user sh -c whoami
``` ```