From 244e5fc51653b47a974ad111022ea923ddebaf05 Mon Sep 17 00:00:00 2001 From: Steven Iveson Date: Mon, 29 Feb 2016 16:03:31 +0000 Subject: [PATCH] Update seccomp.md Corrected titles to use title case. Added link to default.json and some numerical detail. Changed example JSON to a portion of the actual default file, with the correct defaultAction. Signed-off-by: Steven Iveson --- docs/security/seccomp.md | 52 +++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/docs/security/seccomp.md b/docs/security/seccomp.md index dbaf4d1d2a..c9346b5d09 100644 --- a/docs/security/seccomp.md +++ b/docs/security/seccomp.md @@ -28,38 +28,30 @@ enabled. ## Passing a profile for a container The default seccomp profile provides a sane default for running containers with -seccomp. It is moderately protective while providing wide application -compatibility. The default Docker profile has layout in the following form: +seccomp and disables around 44 system calls out of 300+. It is moderately protective while providing wide application +compatibility. The default Docker profile (found [here](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) has a JSON layout in the following form: ``` { - "defaultAction": "SCMP_ACT_ALLOW", - "syscalls": [ - { - "name": "getcwd", - "action": "SCMP_ACT_ERRNO" - }, - { - "name": "mount", - "action": "SCMP_ACT_ERRNO" - }, - { - "name": "setns", - "action": "SCMP_ACT_ERRNO" - }, - { - "name": "create_module", - "action": "SCMP_ACT_ERRNO" - }, - { - "name": "chown", - "action": "SCMP_ACT_ERRNO" - }, - { - "name": "chmod", - "action": "SCMP_ACT_ERRNO" - } - ] + "defaultAction": "SCMP_ACT_ERRNO", + "architectures": [ + "SCMP_ARCH_X86_64", + "SCMP_ARCH_X86", + "SCMP_ARCH_X32" + ], + "syscalls": [ + { + "name": "accept", + "action": "SCMP_ACT_ALLOW", + "args": [] + }, + { + "name": "accept4", + "action": "SCMP_ACT_ALLOW", + "args": [] + } + ... + ] } ``` 
@@ -71,7 +63,7 @@ specifies the default policy: $ docker run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json hello-world ``` -### Syscalls blocked by the default profile +### Significant syscalls blocked by the default profile Docker's default seccomp profile is a whitelist which specifies the calls that are allowed. The table below lists the significant (but not all) syscalls that
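Review bot: In the first hunk the added sentence `The default Docker profile (found [here](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) has a JSON layout in the following form:` opens a parenthesis that is never closed; the `)` after the markdown link is missing, so it should read `(found [here](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json)) has a JSON layout`. The same two added lines also run far past the ~80-column wrapping used by the surrounding text; please rewrap them. The figure "around 44 system calls out of 300+" will drift as the whitelist changes (the link points at `master`, not a tagged release), so either pin the link to a release and state the version the count applies to, or phrase it as "allows a whitelist of roughly 300 calls and returns an error for everything else", which matches the new `"defaultAction": "SCMP_ACT_ERRNO"` and the later statement that the profile is a whitelist. Finally, the `...` inside the fenced block makes the snippet invalid JSON; since readers copy these blocks into `--security-opt seccomp:` files, say in the prose that it is an abbreviated excerpt of default.json rather than a usable profile.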
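Review bot: The second hunk renames the heading to `### Significant syscalls blocked by the default profile`, but the commit message says titles were "Corrected ... to use title case" and this heading is still sentence case; either make it `### Significant Syscalls Blocked by the Default Profile` (and the other headings to match) or drop that claim from the commit message. The word "Significant" also duplicates the very next sentence, "The table below lists the significant (but not all) syscalls", so the shorter original heading read fine; if the intent is to signal that the table is partial, a subtitle or a lead sentence does that without the redundancy.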