e7a99ae5e1
These syscalls are already blocked by the default capabilities: mlock mlock2 mlockall require CAP_IPC_LOCK vhangup requires CAP_SYS_TTY_CONFIG There is therefore no reason to allow them in the default profile as they cannot be used anyway. Signed-off-by: Justin Cormack <justin.cormack@docker.com> |
||
---|---|---|
.. | ||
apparmor | ||
seccomp |