@@ -16,10 +16,16 @@ restrict the actions available within the container. The `seccomp()` system

 call operates on the seccomp state of the calling process. You can use this

 feature to restrict your application's access.

-This feature is available only if the kernel is configured with `CONFIG_SECCOMP`

-enabled.

+This feature is available only if Docker has been built with seccomp and the

+kernel is configured with `CONFIG_SECCOMP` enabled. To check if your kernel

+supports seccomp:

-> **Note**: Seccomp profiles require seccomp 2.2.1 and are only

+```bash

+$ cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=

+CONFIG_SECCOMP=y

+```

+

+> **Note**: seccomp profiles require seccomp 2.2.1 and are only

 > available starting with Debian 9 "Stretch", Ubuntu 15.10 "Wily", and

 > Fedora 22. To use this feature on Ubuntu 14.04, Debian Wheezy, or

 > Debian Jessie, you must download the [latest static Docker Linux binary](../installation/binaries.md).

@@ -31,7 +37,7 @@ The default seccomp profile provides a sane default for running containers with

 seccomp and disables around 44 system calls out of 300+. It is moderately protective while providing wide application

 compatibility. The default Docker profile (found [here](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) has a JSON layout in the following form:

-```

+```json

 {

 	"defaultAction": "SCMP_ACT_ERRNO",

 	"architectures": [

@@ -49,7 +55,7 @@ compatibility. The default Docker profile (found [here](https://github.com/docke

 			"name": "accept4",

 			"action": "SCMP_ACT_ALLOW",

 			"args": []

-		}

+		},

 		...

 	]

 }