From ac941e6b037de80ab68e764e81ca1b2e45d2a16e Mon Sep 17 00:00:00 2001 From: nvcastet Date: Mon, 11 Jun 2018 09:16:15 -0500 Subject: [PATCH] Update seccomp.md Fix #6854 --- engine/security/seccomp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/security/seccomp.md b/engine/security/seccomp.md index a343094564..01e677c18f 100644 --- a/engine/security/seccomp.md +++ b/engine/security/seccomp.md @@ -86,7 +86,7 @@ the reason each syscall is blocked rather than white-listed. | `mbind` | Syscall that modifies kernel memory and NUMA settings. Already gated by `CAP_SYS_NICE`. | | `mount` | Deny mounting, already gated by `CAP_SYS_ADMIN`. | | `move_pages` | Syscall that modifies kernel memory and NUMA settings. | -| `name_to_handle_at` | Sister syscall to `open_by_handle_at`. Already gated by `CAP_SYS_NICE`. | +| `name_to_handle_at` | Sister syscall to `open_by_handle_at`. Already gated by `CAP_DAC_READ_SEARCH`. | | `nfsservctl` | Deny interaction with the kernel nfs daemon. Obsolete since Linux 3.1. | | `open_by_handle_at` | Cause of an old container breakout. Also gated by `CAP_DAC_READ_SEARCH`. | | `perf_event_open` | Tracing/profiling syscall, which could leak a lot of information on the host. |
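Review bot: the commit subject "Update seccomp.md" does not say what was corrected, so the log reader has to open #6854 to learn that this is a capability fix; a subject along the lines of "seccomp.md: name_to_handle_at is gated by CAP_DAC_READ_SEARCH, not CAP_SYS_NICE" would carry the point on its own. The table change itself is sound: the `name_to_handle_at` row now names the same capability as the neighbouring `open_by_handle_at` row ("Also gated by `CAP_DAC_READ_SEARCH`"), which is the sister syscall the row refers to, so the two rows no longer contradict each other.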