2
blacklist
# v2 allows comments after the second line, with '#' in first column,
# blacklist will allow syscalls by default
# if 'errno 0' was not appended to 'mknod' below, then the task would
# simply be killed when it tried to mknod.  'errno 0' means do not allow
# the container to mknod, but immediately return 0.
mknod errno 0