From 2d0316cb43d6cd85ed2f6d67bb0fff601e98ec12 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 17 Mar 2016 08:03:50 -0400 Subject: [PATCH] Fix documentation on --security-opt seccomp Missing documentation and man pages on seccomp options. Signed-off-by: Dan Walsh --- docs/reference/run.md | 3 +++ man/docker-create.1.md | 9 +++++++++ man/docker-run.1.md | 3 +++ 3 files changed, 15 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index d004300de5..d0b33510f1 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -608,6 +608,9 @@ with the same logic -- if the original volume was specified with a name it will to the container --security-opt="no-new-privileges" : Disable container processes from gaining new privileges + --security-opt="seccomp:unconfined": Turn off seccomp confinement for the container + --security-opt="seccomp:profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter + You can override the default labeling scheme for each container by specifying the `--security-opt` flag. For example, you can specify the MCS/MLS level, a diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 95d171fec3..376f8308a5 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md 
@@ -316,6 +316,15 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--security-opt**=[] Security Options + "label:user:USER" : Set the label user for the container + "label:role:ROLE" : Set the label role for the container + "label:type:TYPE" : Set the label type for the container + "label:level:LEVEL" : Set the label level for the container + "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index c44dd603d0..c92dd6a2c9 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -468,8 +468,11 @@ its root filesystem mounted as read only prohibiting any writes. "label:type:TYPE" : Set the label type for the container "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM.
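Review bot: In the docs/reference/run.md hunk, the added `--security-opt="seccomp:profile.json: White listed ...` entry never closes its double quote, so the option value runs straight into its description. Close the quote after `profile.json`, and put a space before the colon on both new lines so they line up with the `--security-opt="no-new-privileges" :` entry just above. It would also help to say that `profile.json` stands for the path to the user's own profile file, and to spell "Json" as "JSON".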
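Review bot: In the man/docker-create.1.md hunk, the last added entry `"seccomp:profile.json : White listed ...` is missing its closing quote, unlike the seven entries added above it. Separately, `"no-new-privileges"` is described here as "gaining additional privileges" while docs/reference/run.md in the same patch says "gaining new privileges"; use one wording in all three files so the reference page and the man pages agree.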
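Review bot: In the man/docker-run.1.md hunk, `"seccomp:profile.json : White listed ...` has the same unclosed quote as in the other two files and should be fixed in the same pass. The description "White listed syscalls seccomp Json file to be used as a seccomp filter" names seccomp twice and is hard to parse; something like "JSON file of whitelisted syscalls to be used as a seccomp filter" says the same thing more plainly.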