@@ -28,38 +28,30 @@ enabled.

 ## Passing a profile for a container

 The default seccomp profile provides a sane default for running containers with

-seccomp. It is moderately protective while providing wide application

-compatibility. The default Docker profile has layout in the following form:

+seccomp and disables around 44 system calls out of 300+. It is moderately protective while providing wide application

+compatibility. The default Docker profile (found [here](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) has a JSON layout in the following form:

 ```

 {

-    "defaultAction": "SCMP_ACT_ALLOW",

-    "syscalls": [

-        {

-            "name": "getcwd",

-            "action": "SCMP_ACT_ERRNO"

-        },

-        {

-            "name": "mount",

-            "action": "SCMP_ACT_ERRNO"

-        },

-        {

-            "name": "setns",

-            "action": "SCMP_ACT_ERRNO"

-        },

-        {

-            "name": "create_module",

-            "action": "SCMP_ACT_ERRNO"

-        },

-        {

-            "name": "chown",

-            "action": "SCMP_ACT_ERRNO"

-        },

-        {

-            "name": "chmod",

-            "action": "SCMP_ACT_ERRNO"

-        }

-    ]

+	"defaultAction": "SCMP_ACT_ERRNO",

+	"architectures": [

+		"SCMP_ARCH_X86_64",

+		"SCMP_ARCH_X86",

+		"SCMP_ARCH_X32"

+	],

+	"syscalls": [

+		{

+			"name": "accept",

+			"action": "SCMP_ACT_ALLOW",

+			"args": []

+		},

+		{

+			"name": "accept4",

+			"action": "SCMP_ACT_ALLOW",

+			"args": []

+		}

+		...

+	]

 }

 ```

@@ -71,7 +63,7 @@ specifies the default policy:

 $ docker run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json hello-world

 ```

-### Syscalls blocked by the default profile

+### Significant syscalls blocked by the default profile

 Docker's default seccomp profile is a whitelist which specifies the calls that

 are allowed. The table below lists the significant (but not all) syscalls that