-
Docker now has the ability to set seccomp profiles on a container (https://github.com/docker/docker/pull/17989);
however, writing a custom profile can be tedious, and leads to a lot
of repetition if…
-
As a user, it would be great if kube-score would add an optional check to verify if a deployment is creating pods with an unconfined AppArmor/Seccomp profile.
mrueg updated
2 months ago
-
**Is your feature request related to a problem? Please describe.**
I would like to be able to change the default seccomp profile from `Unconfined` to `RuntimeDefault`
**Describe the solution you'd…
-
I've added two new profiles in `static/seccomp/`. We should hook them up to the `create_container` API, somewhere in `CreateContainerArgs` probably.
-
### Description
I want to run a local profile to be able to use the Plasma file picker on Wayland.
I do have xdg-desktop-portal, xdg-desktop-portal-kde and xdg-desktop-portal-gtk installed.
It works…
-
As mentioned in the Kubernetes seccomp graduation KEP, it would be helpful to separate the default seccomp profile based on the runtime class in use: https://github.com/kubernetes/enhancements/issues/241…
-
First of all, great project, love it. I built a similar proof of concept in https://github.com/imjasonh/seccomp-profile which I can now archive and point to this much better replacement 🎉
One thin…
-
The default seccomp profile is blocking `personality(PER_LINUX|ADDR_NO_RANDOMIZE)`:
```plain
% sudo -g docker docker run --rm -ti debian bash
root@4c48e40eadb3:/# apt update && apt install -y s…
```
-
I couldn't find the file to edit for this text:
https://kubesec.io/basics/metadata-annotations-seccomp-security-alpha-kubernetes-io-pod/
This will result in a deprecation warning on currently supp…
-
### Description
Trying to use firejail to execute a login shell (for user "service").
Grateful for input on this.
### Steps to Reproduce
Firejail is set as shell.
> sudo grep serv…