-
### Description
Trying to use firejail to execute a login shell (for user "service").
Grateful for input on this.
### Steps to Reproduce
Firejail is set as shell.
> sudo grep serv…
-
I couldn't find the file to edit for this text:
https://kubesec.io/basics/metadata-annotations-seccomp-security-alpha-kubernetes-io-pod/
This will result in a deprecation warning on currently supp…
-
## Summary
https://github.com/concourse/concourse/issues/5677 noted that the `statx` syscall was missing from Concourse's seccomp profile for containerd. Turns out there are other syscalls allowed …
-
Hi,
I've noticed that on my systems (fedora, debian, alpine) it's possible to get network admin privileges in a user namespace within a container:
```
$ podman run --rm -ti docker.io/alpine
/ # …
```
-
When this project first began, it focused on enumerating binaries' capabilities. It's since grown in two ways:
- We've shifted capability detection to focus on those that may be used maliciously
-…
-
**What happened**:
The syscalls in the seccomp were not allowed to be used in the pod.
We are using playwright to crawl website and I followed the [instruction](https://playwright.dev/docs/docker#crawling…
-
Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
FAILED for resource: Job.mas-inst1-pipelines.mas-deploy-job
File: /chart/deploy-mas/mas-deploy/te…
-
```console
$ sudo ./docker-slim p nginx:alpine
docker-slim[profile]: info=http.probe message='using default probe'
docker-slim[profile]: state=started
docker-slim[profile]: info=params target=ngin…
```
-
I think we need to rework the approach towards seccomp because the stub workaround I came up with earlier this year in opencontainers/runc#2750 seems to not be doing a great job of solving the problem (may…
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…