docs: update seccomp whitelist

the 'modify_ldt' was listed as "blocked by default", but was whitelisted in 13a9d4e8993997b2bf9be7e96a8d7978a73d0b9b this updates the documentation to reflect this Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 2cddd1cd1f3135f36f6afcc84ddfda904aeee3b5 Component: engine
2016-05-11 18:45:27 +02:00
parent eb47def058
commit d537ac63ac
1 changed files with 0 additions and 1 deletions
--- a/components/engine/docs/security/seccomp.md
+++ b/components/engine/docs/security/seccomp.md
@ -99,7 +99,6 @@ the reason each syscall is blocked rather than white-listed.
 | `keyctl`            | Prevent containers from using the kernel keyring, which is not namespaced.                                   |
 | `lookup_dcookie`    | Tracing/profiling syscall, which could leak a lot of information on the host.                                |
 | `mbind`             | Syscall that modifies kernel memory and NUMA settings. Already gated by `CAP_SYS_NICE`.                      |
-| `modify_ldt`        | Old syscall only used in 16-bit code and a potential information leak.                                       |
 | `mount`             | Deny mounting, already gated by `CAP_SYS_ADMIN`.                                                             |
 | `move_pages`        | Syscall that modifies kernel memory and NUMA settings.                                                       |
 | `name_to_handle_at` | Sister syscall to `open_by_handle_at`. Already gated by `CAP_SYS_NICE`.                                      |