From c312db1110b56ea8cd20ba64cc8f591ef948ae51 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 3 Jul 2020 15:14:15 +0200
Subject: [PATCH] api-extensions: add seccomp_allow_deny_syntax extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 doc/api-extensions.md    | 4 ++++
 src/lxc/api_extensions.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index d7b915d28..64cd4bdad 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -127,3 +127,7 @@ Privileged containers will usually be able to override the cgroup limits given t
 ## time\_namespace
 
 This adds time namespace support to LXC.
+
+## seccomp\_allow\_deny\_syntax
+
+This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies.
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 8061784c8..6d47b4cef 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -42,6 +42,7 @@ static char *api_extensions[] = {
 	"cgroup_advanced_isolation",
 	"network_bridge_vlan",
 	"time_namespace",
+	"seccomp_allow_deny_syntax",
 };
 
 static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);
-- 
2.47.2