config-linux.md: 50 additions & 35 deletions
@@ -498,41 +498,56 @@ For more information about Seccomp, see [Seccomp][seccomp] kernel documentation.
498
498
The actions, architectures, and operators are strings that match the definitions in seccomp.h from [libseccomp][] and are translated to corresponding values.
499
499
A valid list of constants as of libseccomp v2.3.2 is shown below.
500
500
501
-
Architecture Constants
502
-
*`SCMP_ARCH_X86`
503
-
*`SCMP_ARCH_X86_64`
504
-
*`SCMP_ARCH_X32`
505
-
*`SCMP_ARCH_ARM`
506
-
*`SCMP_ARCH_AARCH64`
507
-
*`SCMP_ARCH_MIPS`
508
-
*`SCMP_ARCH_MIPS64`
509
-
*`SCMP_ARCH_MIPS64N32`
510
-
*`SCMP_ARCH_MIPSEL`
511
-
*`SCMP_ARCH_MIPSEL64`
512
-
*`SCMP_ARCH_MIPSEL64N32`
513
-
*`SCMP_ARCH_PPC`
514
-
*`SCMP_ARCH_PPC64`
515
-
*`SCMP_ARCH_PPC64LE`
516
-
*`SCMP_ARCH_S390`
517
-
*`SCMP_ARCH_S390X`
518
-
*`SCMP_ARCH_PARISC`
519
-
*`SCMP_ARCH_PARISC64`
520
-
521
-
Action Constants:
522
-
*`SCMP_ACT_KILL`
523
-
*`SCMP_ACT_TRAP`
524
-
*`SCMP_ACT_ERRNO`
525
-
*`SCMP_ACT_TRACE`
526
-
*`SCMP_ACT_ALLOW`
527
-
528
-
Operator Constants:
529
-
*`SCMP_CMP_NE`
530
-
*`SCMP_CMP_LT`
531
-
*`SCMP_CMP_LE`
532
-
*`SCMP_CMP_EQ`
533
-
*`SCMP_CMP_GE`
534
-
*`SCMP_CMP_GT`
535
-
*`SCMP_CMP_MASKED_EQ`
501
+
**`seccomp`** (object, OPTIONAL)
502
+
503
+
The following parameters can be specified to setup seccomp:
504
+
505
+
***`defaultAction`***(string, REQUIRED)* - the action for seccomp rules. Implementations MUST support at least the following values:
506
+
507
+
*`SCMP_ACT_KILL`
508
+
*`SCMP_ACT_TRAP`
509
+
*`SCMP_ACT_ERRNO`
510
+
*`SCMP_ACT_TRACE`
511
+
*`SCMP_ACT_ALLOW`
512
+
513
+
***`architectures`***(array, OPTIONAL)* - the architecture used for system calls. Implementations MUST support at least the following values:
514
+
515
+
*`SCMP_ARCH_X86`
516
+
*`SCMP_ARCH_X86_64`
517
+
*`SCMP_ARCH_X32`
518
+
*`SCMP_ARCH_ARM`
519
+
*`SCMP_ARCH_AARCH64`
520
+
*`SCMP_ARCH_MIPS`
521
+
*`SCMP_ARCH_MIPS64`
522
+
*`SCMP_ARCH_MIPS64N32`
523
+
*`SCMP_ARCH_MIPSEL`
524
+
*`SCMP_ARCH_MIPSEL64`
525
+
*`SCMP_ARCH_MIPSEL64N32`
526
+
*`SCMP_ARCH_PPC`
527
+
*`SCMP_ARCH_PPC64`
528
+
*`SCMP_ARCH_PPC64LE`
529
+
*`SCMP_ARCH_S390`
530
+
*`SCMP_ARCH_S390X`
531
+
*`SCMP_ARCH_PARISC`
532
+
*`SCMP_ARCH_PARISC64`
533
+
534
+
***`syscalls`***(object, REQUIRED)* - match a syscall in seccomp.
535
+
536
+
***`names`***(array of strings, REQUIRED)* - the name of the syscall.
537
+
538
+
***`action`***(string, REQUIRED)* - the action for syscall.
539
+
540
+
***`args`***(object, OPTIONAL)* - the specific syscall in seccomp.
541
+
542
+
* **`op`** *(string, REQUIRED)* - the operator for syscall arguments in seccomp. Implementations MUST support at least the following values:
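Review bot: the unchanged context sentence at line 499, "A valid list of constants as of libseccomp v2.3.2 is shown below", is now followed by the `seccomp` property definition rather than by the constant lists, and the moved lists are introduced with "Implementations MUST support at least the following values", so the sentence no longer describes what comes after it; drop it or reword it to point at the per-property lists. In the `syscalls` part of the hunk, `action` is described only as "the action for syscall" with no statement of its allowed values, while `defaultAction` carries the `SCMP_ACT_*` list; say that `action` takes the same values. `names` is typed as an array of strings but described in the singular ("the name of the syscall"), and the `args` description ("the specific syscall in seccomp") does not say that it constrains syscall arguments, which is what its `op` field implies.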