From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 3 Jul 2020 13:14:15 +0000 (+0200)
Subject: api-extensions: add seccomp_allow_deny_syntax extension
X-Git-Tag: lxc-5.0.0~397^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c312db1110b56ea8cd20ba64cc8f591ef948ae51;p=thirdparty%2Flxc.git

api-extensions: add seccomp_allow_deny_syntax extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index d7b915d28..64cd4bdad 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -127,3 +127,7 @@ Privileged containers will usually be able to override the cgroup limits given t
 ## time\_namespace
 
 This adds time namespace support to LXC.
+
+## seccomp\_allow\_deny\_syntax
+
+This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies.
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 8061784c8..6d47b4cef 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -42,6 +42,7 @@ static char *api_extensions[] = {
 	"cgroup_advanced_isolation",
 	"network_bridge_vlan",
 	"time_namespace",
+	"seccomp_allow_deny_syntax",
 };
 
 static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);