The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3474
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From c312db1110b56ea8cd20ba64cc8f591ef948ae51 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Fri, 3 Jul 2020 15:14:15 +0200
Subject: [PATCH] api-extensions: add seccomp_allow_deny_syntax extension
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
doc/api-extensions.md | 4 ++++
src/lxc/api_extensions.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index d7b915d283..64cd4bdad4 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -127,3 +127,7 @@ Privileged containers will usually be able to override the
cgroup limits given t
## time\_namespace
This adds time namespace support to LXC.
+
+## seccomp\_allow\_deny\_syntax
+
+This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies.
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 8061784c85..6d47b4cef4 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -42,6 +42,7 @@ static char *api_extensions[] = {
"cgroup_advanced_isolation",
"network_bridge_vlan",
"time_namespace",
+ "seccomp_allow_deny_syntax",
};
static size_t nr_api_extensions = sizeof(api_extensions) /
sizeof(*api_extensions);
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
