Clarify how to unconditionally match a syscall

Hawk777 · petreeftime · commit 9d0b55c38c53 · 2024-03-18T13:36:56.000+01:00
This information is available elsewhere, but this seems like a useful
place to write it as well (especially for someone coming from the
`libseccomp` API, which doesn’t separate rules by syscall number in its
public API the way `seccompiler` does).

Signed-off-by: Christopher Head &lt;chead@chead.ca&gt;
diff --git a/src/backend/rule.rs b/src/backend/rule.rs
@@ -17,7 +17,9 @@ pub struct SeccompRule {
 }
 
 impl SeccompRule {
-    /// Creates a new rule. Rules with 0 conditions are not allowed.
+    /// Creates a new rule. Rules with 0 conditions are not allowed; to match a syscall regardless
+    /// of argument values, map the syscall number to an empty vector of rules when constructing
+    /// the [`SeccompFilter`](super::SeccompFilter) instead.
     ///
     /// # Arguments
     ///
