From e9d5f91fb1c7e6ff546e3e6275f64323641657bb Mon Sep 17 00:00:00 2001
From: Tomas Mudrunka <tomas@mudrunka.cz>
Date: Mon, 10 Feb 2014 22:59:08 +0100
Subject: [PATCH] SECCOMP docs

---
 c/seccomp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/c/seccomp.c b/c/seccomp.c
index 0b740f3..527daea 100644
--- a/c/seccomp.c
+++ b/c/seccomp.c
@@ -1,6 +1,13 @@
-/* seccomp.c
+/*
+ * seccomp.c (Harvie 2o14)
  *
  * This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
+ * You need kernel compiled with CONFIG_SECCOMP=y.
+ * This prohibits everything except read(2), write(2), _exit(2), and sigreturn(2).
+ * Trying to use other syscalls will result in SIGKILL.
+ * If you need to enable more syscalls you can use SECCOMP_MODE_FILTER instead.
+ * See man 2 prctl for more...
+ *
  */
 
 #include <string.h>
-- 
2.30.2