api-extensions: add seccomp_allow_deny_syntax extension

author Christian Brauner <christian.brauner@ubuntu.com>

Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)
author Christian Brauner <christian.brauner@ubuntu.com>
Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md

index d7b915d283217abbeb298bac5a79c8e3a7080312..64cd4bdad4353a30310d11cb5df08699c776dd21 100644 (file)
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -127,3 +127,7 @@ Privileged containers will usually be able to override the cgroup limits given t
  ## time\_namespace
  
  This adds time namespace support to LXC.
+
+## seccomp\_allow\_deny\_syntax
+
+This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies.
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h

index 8061784c859d874c9c519ff185fbc7d7443f5d87..6d47b4cef4d94206b99c36707efbc5bacb83e985 100644 (file)
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -42,6 +42,7 @@ static char *api_extensions[] = {
         "cgroup_advanced_isolation",
         "network_bridge_vlan",
         "time_namespace",
+       "seccomp_allow_deny_syntax",
  };
  
  static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);
author	Christian Brauner <christian.brauner@ubuntu.com>
	Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Fri, 3 Jul 2020 13:14:15 +0000 (15:14 +0200)
doc/api-extensions.md		patch \| blob \| blame \| history
src/lxc/api_extensions.h		patch \| blob \| blame \| history