-
**Is your feature request related to a problem? Please describe.**
Improve zero-day exploit protections for containers running untrusted code
**Describe the solution you'd like.**
Ability t…
-
Docker now has the ability to set seccomp profiles on a container (https://github.com/docker/docker/pull/17989),
however, writing a custom profile can be tedious, and leads to a lot
of repetition if…
-
I think we need to rework the approach towards seccomp because the stub workaround I came up with earlier this year in opencontainers/runc#2750 seems to not be doing a great job of solving the problem (may…
-
### NCC-E003660-UCG: Weaknesses in Pod Security Standards Restricted Profile
This issue was reported in the [Kubernetes 1.24 Security Audit Report](https://github.com/kubernetes/sig-security/blob/mai…
-
When this project first began, it focused on enumerating binaries' capabilities. It's since grown in two ways:
- We've shifted capability detection to focus on those that may be used maliciously
-…
-
## Issue description
Unable to use seccomp profiles with docker
## Steps to reproduce
### download default seccomp profile and try to run it
``` sh
wget https://raw.githubusercontent.com/…
```
-
First of all, great project, love it. I built a similar proof of concept in https://github.com/imjasonh/seccomp-profile which I can now archive and point to this much better replacement 🎉
One thin…
-
### Discussed in https://github.com/privacyguides/privacyguides.org/discussions/1364
Originally posted by **rusty-snake** May 31, 2022
**Name**: crabsecco
**Repository**: https://codeberg.org…
-
Add the security options to the `nerdctl run`.
- [x] [Seccomp security profiles for Docker](https://docs.docker.com/engine/security/seccomp/)
- [x] [AppArmor security profiles for Docker](https:…
-
Hi,
I've noticed that on my systems (fedora, debian, alpine) it's possible to get network admin privileges in a user namespace within a container:
```
$ podman run --rm -ti docker.io/alpine
/ # …