Container instances - Seccomp profile not supported

[williamjeanmireault]

Hi, I've been trying to deploy a confidential container using a seccomp profile: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerinstance/2023-05-01/containergroups?pivots=deployment-language-bicep#securitycontextdefinition

Everything works great until I supply the base-64 encoded seccompProfile to the securityContext of the container. Whenever I do, I get the following error for all available API versions:

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Resources/deployments/azuredeploy","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"SecurityContextNotSupported","message":"Some SecurityContext properties in container 'XXX' is not supported. Only the \"Privileged\" flag is supported."}]}}

So my question is: Is there a reason why supplying the seccompProfile causes this issue and how can I fix it? Nothing seems to indicate that only the 'Privileged' flag is supported in the documentation and I couldn't find anything related to this issue/requirements to use this flag.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 6bc2cd32-862c-bc3b-467b-1f5332e5c2b4
• Version Independent ID: 6bc2cd32-862c-bc3b-467b-1f5332e5c2b4
• Content: Microsoft.ContainerInstance/containerGroups 2023-05-01 - Bicep, ARM template & Terraform AzAPI reference
• Content Source: arm-schema-ref/Microsoft.ContainerInstance/2023-05-01/containerGroups.md
• Service: azure-resource-manager
• GitHub Login: @tfitzmac
• Microsoft Alias: tomfitz

[LatentDream]

+1

[PesalaPavan]

@williamjeanmireault Thanks for your feedback! We will investigate and update as appropriate.

[Naveenommi-MSFT]

@williamjeanmireault Thank you for reaching us. If you need help with this to gain a better understanding of your issue, I'd recommend working closer with our support team via an Azure support request. Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds. Teams Q&A forum for technical questions about the configuration and administration of Microsoft Teams on Windows. Microsoft Teams Community forum