config-linux.md: fix seccomp

Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>

Author: zhouhao

config-linux.md

@@ -498,7 +498,14 @@ For more information about Seccomp, see [Seccomp][seccomp] kernel documentation.
 The actions, architectures, and operators are strings that match the definitions in seccomp.h from [libseccomp][] and are translated to corresponding values.
 A valid list of constants as of libseccomp v2.3.2 is shown below.
 
-Architecture Constants
+**`seccomp`** (object, OPTIONAL)
+
+The following parameters can be specified to setup seccomp:
+
+* **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp.
+
+* **`architectures`** *(array, OPTIONAL)* - the architecture used for system calls. Implementations MUST support at least the following values:
+
 * `SCMP_ARCH_X86`
 * `SCMP_ARCH_X86_64`
 * `SCMP_ARCH_X32`
@@ -518,21 +525,29 @@ Architecture Constants
 * `SCMP_ARCH_PARISC`
 * `SCMP_ARCH_PARISC64`
 
-Action Constants:
-* `SCMP_ACT_KILL`
-* `SCMP_ACT_TRAP`
-* `SCMP_ACT_ERRNO`
-* `SCMP_ACT_TRACE`
-* `SCMP_ACT_ALLOW`
-
-Operator Constants:
-* `SCMP_CMP_NE`
-* `SCMP_CMP_LT`
-* `SCMP_CMP_LE`
-* `SCMP_CMP_EQ`
-* `SCMP_CMP_GE`
-* `SCMP_CMP_GT`
-* `SCMP_CMP_MASKED_EQ`
+* **`syscalls`** *(object, REQUIRED)* - match a syscall in seccomp.
+
+    * **`names`** *(array of strings, REQUIRED)* - the name of the syscall.
+
+    * **`action`** *(string, REQUIRED)* - the action for seccomp rules. Implementations MUST support at least the following values:
+
+    * `SCMP_ACT_KILL`
+    * `SCMP_ACT_TRAP`
+    * `SCMP_ACT_ERRNO`
+    * `SCMP_ACT_TRACE`
+    * `SCMP_ACT_ALLOW`
+
+    * **`args`** *(object, OPTIONAL)* - the specific syscall in seccomp.
+
+        * **`op`** *(string, REQUIRED)* - the operator for syscall arguments in seccomp. Implementations MUST support at least the following values:
+
+        * `SCMP_CMP_NE`
+        * `SCMP_CMP_LT`
+        * `SCMP_CMP_LE`
+        * `SCMP_CMP_EQ`
+        * `SCMP_CMP_GE`
+        * `SCMP_CMP_GT`
+        * `SCMP_CMP_MASKED_EQ`
 
 ###### Example