docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove reference to socket and socketcall

This commit is contained in:
Paulo Gomes 2019-10-17 09:53:28 +01:00 committed by GitHub
parent 04b5f87b28
commit d32f93ca93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
engine/security/seccomp.md
View File

@ -37,9 +37,8 @@ default, then whitelists specific system calls. The profile works by defining a
system calls. The effect of `SCMP_ACT_ERRNO` is to cause a `Permission Denied`
error. Next, the profile defines a specific list of system calls which are fully
allowed, because their `action` is overridden to be `SCMP_ACT_ALLOW`. Finally,
some specific rules are for individual system calls such as `personality`,
`socket`, `socketcall`, and others, to allow variants of those system calls with
specific arguments.
some specific rules are for individual system calls such as `personality`, and others,
to allow variants of those system calls with specific arguments.
`seccomp` is instrumental for running Docker containers with least privilege. It
is not recommended to change the default `seccomp` profile.