Seccomp Unconfined Parameter

[saouddk]

Adding the seccomp:unconfined parameter is not getting passed to the container.

Parameters allow for label/apparmor however adding a parameter as: label:seccomp:unconfined does not work also.

[jahkeup]

Hello @saouddk! Thanks for the report!

Unfortunately we don't have support for the requisite seccomp parameters in the Task Definition at this time. We'll be tracking this as a feature request.

[mdkent]

+1. I'm trying to debug some issues using strace within the container and I'm stuck without this.

[briansan]

+1. Same exact reason as @mdkent, trying to debug issue with strace and failure to support seccomp=unconfined prevents this

[fractos]

Urgh. Just hit this too while trying to strace. Irritating and will set me back more time.

[ernestm]

+1 need this for msdefender to run in my container

[khuey]

Another +1. In my case I was able to work around this by modifying the Docker seccomp policy on my container instances, but it would be nice to be able to apply this only to the individual containers that need it and not to every container that runs on those instances.

[rajanski]

+1

[iamed2]

+1, in order to allow for rr on ECS

[rouralberto]

3 years from this and still no support for something like seccomp:unconfined?

[luiscarbajo23]

Still needed! Thanks 😃

[xavierraffin]

Needs it too. Thanks

I could also use a specific profile like this:

--security-opt="seccomp=profile.json"

[pamarthich]

+1

[Ichimikichiki]

Urghh are we still waiting for this.... I suppose if nobody has done it in 5 years, it's probably never going to get done.

[LCzoboriek]

Was this feature ever added? We are running into the same requirement