In case you missed it, we recently merged a default seccomp profile for Docker containers. I urge you to try out the default seccomp profile, mostly so we can rest easy knowing the defaults are sane and your containers work as before. You can download the master version of Docker Engine from master.dockerproject.org or experimental.docker.com. We even have a doc describing the syscalls we purposely block and security vulnerabilities the profile blocked. But that’s not what this blog post is...
