[lxc-devel] [lxc/master] api-extensions: add seccomp_allow_deny_syntax extension

brauner on Github lxc-bot at linuxcontainers.org
Fri Jul 3 13:15:16 UTC 2020


From c312db1110b56ea8cd20ba64cc8f591ef948ae51 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 3 Jul 2020 15:14:15 +0200
Subject: [PATCH] api-extensions: add seccomp_allow_deny_syntax extension

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 doc/api-extensions.md    | 4 ++++
 src/lxc/api_extensions.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index d7b915d283..64cd4bdad4 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -127,3 +127,7 @@ Privileged containers will usually be able to override the cgroup limits given t
 ## time\_namespace
 
 This adds time namespace support to LXC.
+
+## seccomp\_allow\_deny\_syntax
+
+This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies.
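Review bot: The description added under `## seccomp\_allow\_deny\_syntax` names the two new keywords but does not say how they relate to the keywords a seccomp v2 policy already accepts, or whether the earlier spelling continues to parse. Suggest adding a sentence that states this, plus a note that a policy written with "denylist" or "allowlist" should only be given to an LXC that advertises this extension, so callers know to probe for it before relying on the new syntax.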
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 8061784c85..6d47b4cef4 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -42,6 +42,7 @@ static char *api_extensions[] = {
 	"cgroup_advanced_isolation",
 	"network_bridge_vlan",
 	"time_namespace",
+	"seccomp_allow_deny_syntax",
 };
 
 static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);
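Review bot: The `"seccomp_allow_deny_syntax"` entry added to `api_extensions[]` only advertises the feature. The diffstat lists just doc/api-extensions.md and src/lxc/api_extensions.h, so the seccomp parser change that accepts the new keywords is not part of this patch. Please confirm that the parser support is already merged or lands before this string does, otherwise a caller probing for the extension gets a positive answer from a build that still rejects such a policy. A short commit body pointing at that change would also help, since the message currently has only a subject and a sign-off.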

