insanitybit
commented
1 year ago I've made progress on this - it turns out the Docker docs are incorrect, you need to provide the seccomp profile inline.
The bigger question is figuring out how this profile will make it to the host. Currently I have a build script that places it on disk so that I don't have to carry it around in the binary. Longer term... idk.
I've added two new profiles in
static/seccomp/. We should hook them up to thecreate_containerAPI, somewhere inCreateContainerArgsprobably.