Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Customize seccomp profile #3158

Open
jopemachine opened this issue Nov 28, 2024 · 0 comments
Open

Customize seccomp profile #3158

jopemachine opened this issue Nov 28, 2024 · 0 comments
Labels
type:feature Add new features

Comments

@jopemachine
Copy link
Member

jopemachine commented Nov 28, 2024
edited
Loading

Main idea

As a follow-up to #3019, let's extend the functionality to enable selecting seccomp profiles other than default-profile.json.
For example, this feature could be useful if you want to block specific syscalls within a specific container, rather than allowing extra syscalls.

Of course, with the logic from #3019, modifying default-seccomp.json would allow blocking specific system calls.
However, in this case, the changes to the seccomp profile would affect all containers.

Alternative ideas

No response

Anything else?

No response
@jopemachine jopemachine added the type:feature Add new features label Nov 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:feature Add new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jopemachine