Clarify seccomp pidFd description and example

rata · rata · commit c26b218fff2a · 2020-12-07T14:00:18.000+01:00
Signed-off-by: Rodrigo Campos &lt;rodrigo@kinvolk.io&gt;
diff --git a/config-linux.md b/config-linux.md
@@ -634,8 +634,9 @@ The following parameters can be specified to set up seccomp:
 
     The runtime sends the following file descriptors using `SCM_RIGHTS` and set their names in the `fds` array of the [container process state](#containerprocessstate):
 
-    * **`seccompFd`** (int, REQUIRED) is the seccomp file descriptor returned by the seccomp syscall.
-    * **`pidFd`** (int, OPTIONAL) is the process file descriptor (e.g as returned by `pidfd_open(2)` or by `clone(2)` with the `CLONE_PID` flag).
+    * **`seccompFd`** (string, REQUIRED) is the seccomp file descriptor returned by the seccomp syscall.
+    * **`pidFd`** (string, OPTIONAL) is the process file descriptor (e.g as returned by `pidfd_open(2)` or by `clone(2)` with the `CLONE_PID` flag).
+        This refers to the container's pid 1 if the container is being created or to the process that entered the container with exec.
 
 * **`listenerMetadata`** *(string, OPTIONAL)* - specifies an opaque data to pass to the seccomp agent.
     This string will be sent as the `metadata` field in the [container process state](#containerprocessstate).
@@ -718,7 +719,7 @@ The container process state includes the following properties:
 * **`metadata`** (string, OPTIONAL) opaque metadata.
 * **`state`** ([state](runtime.md#state), REQUIRED) is the state of the container.
 
-Example:
+Example sending `seccompFD` as the first file descriptor in the `SCM_RIGHTS` array and `pidFd` as second:
 
 ```json
 {
