seccomp is not set to Docker/Default or Runtime/Default

Description

Secure computing mode (seccomp) is a Linux kernel feature used to restrict actions available within the container. The seccomp() system call operates on the seccomp state of the calling process. The default seccomp profile provides a reliable setting for running containers with seccomp and disables non-essential system calls.

Fix - Buildtime

Kubernetes

  • Resource: Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
  • Argument: securityContext: seccompProfile: type: (Optional: Kubernetes > v1.19)
    Addition of seccompProfile type: RuntimeDefault or DockerDefault

```yaml Pod
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <name>
    image: <image>
    securityContext:
+     seccompProfile:
+       type: RuntimeDefault
        or
+       type: DockerDefault
```

```yaml CronJob
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: <name>
spec:
  schedule: <>
  jobTemplate:
    spec:
      template:
        spec:
          securityContext:
+           seccompProfile:
+             type: RuntimeDefault
              or
+             type: DockerDefault
```

```yaml Other
apiVersion: <>
kind: <kind>
metadata:
  name: <name>
spec:
  template:
    spec:
      securityContext:
+       seccompProfile:
+         type: RuntimeDefault
          or
+         type: DockerDefault
```
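The following audit script is an added example, not Checkov's own check code or part of this page. It applies the policy above to workload manifests of every kind listed under Resource, walking to the pod template for Pod, CronJob and the `spec.template` kinds. It treats `securityContext.seccompProfile.type: RuntimeDefault` as compliant, along with the legacy pod annotation values `runtime/default` and `docker/default` that this policy's title refers to (the Kubernetes API validates `type` against RuntimeDefault, Localhost and Unconfined, so the docker/default choice survives only in the annotation form). It also handles the failure mode that a pod-level profile does not catch: a container whose own securityContext overrides the pod setting with Unconfined. The manifests are constructed sample data written as the dicts PyYAML would produce, so the script runs without extra dependencies.

```python
"""Audit Kubernetes workloads for a default seccomp profile (added example, not Checkov code)."""

# Legacy annotation keys used before securityContext.seccompProfile existed (Kubernetes < 1.19).
POD_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_ANNOTATION_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"
COMPLIANT_TYPES = {"RuntimeDefault"}                          # securityContext.seccompProfile.type
COMPLIANT_ANNOTATIONS = {"runtime/default", "docker/default"}  # legacy annotation values


def pod_template(manifest):
    """Return (pod metadata, pod spec) for the workload kinds the policy covers."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return manifest.get("metadata") or {}, spec
    if kind == "CronJob":
        tmpl = ((spec.get("jobTemplate") or {}).get("spec") or {}).get("template") or {}
    else:  # Deployment, DaemonSet, StatefulSet, ReplicaSet, ReplicationController, Job
        tmpl = spec.get("template") or {}
    return tmpl.get("metadata") or {}, tmpl.get("spec") or {}


def profile_type(security_context):
    """Extract seccompProfile.type from a pod- or container-level securityContext."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def seccomp_findings(manifest):
    """Return [(container name, effective profile)] for containers that violate the policy.

    An empty list means every container (including init containers) runs under a
    default seccomp profile. Container-level settings override pod-level ones, and the
    legacy annotations are consulted only when no seccompProfile field is set at all.
    """
    metadata, spec = pod_template(manifest)
    annotations = metadata.get("annotations") or {}
    pod_type = profile_type(spec.get("securityContext"))
    pod_annotation = annotations.get(POD_ANNOTATION)
    findings = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        effective = profile_type(c.get("securityContext")) or pod_type
        if effective is None:
            legacy = annotations.get(CONTAINER_ANNOTATION_PREFIX + name, pod_annotation)
            if legacy in COMPLIANT_ANNOTATIONS:
                continue
            effective = legacy  # None (nothing set) or a non-compliant annotation value
        if effective not in COMPLIANT_TYPES:
            findings.append((name, effective))
    return findings


# --- constructed sample manifests (placeholders, not real workloads) -----------------
UNCONFINED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-pod"},
    "spec": {"containers": [{"name": "app", "image": "example/app:placeholder"}]},
}
MIXED_DEPLOYMENT = {  # pod-level RuntimeDefault, but the sidecar opts out
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "example-deploy"},
    "spec": {"template": {"spec": {
        "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [
            {"name": "app", "image": "example/app:placeholder"},
            {"name": "sidecar", "image": "example/sidecar:placeholder",
             "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
        ]}}},
}
HARDENED_CRONJOB = {
    "apiVersion": "batch/v1", "kind": "CronJob", "metadata": {"name": "example-cron"},
    "spec": {"schedule": "0 * * * *", "jobTemplate": {"spec": {"template": {"spec": {
        "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "job", "image": "example/job:placeholder"}],
    }}}}},
}
LEGACY_POD = {  # pre-1.19 style: annotation instead of securityContext
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "legacy-pod", "annotations": {POD_ANNOTATION: "docker/default"}},
    "spec": {"containers": [{"name": "app", "image": "example/app:placeholder"}]},
}


def audit(manifests):
    """Map each workload name to its findings; only non-compliant workloads are listed."""
    report = {}
    for m in manifests:
        findings = seccomp_findings(m)
        if findings:
            report[(m.get("metadata") or {}).get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit([UNCONFINED_POD, MIXED_DEPLOYMENT, HARDENED_CRONJOB, LEGACY_POD]).items():
        for container, profile in findings:
            print(f"{name}: container '{container}' seccomp profile is {profile!r}, expected RuntimeDefault")
```

Running the block reports only `example-pod` (no profile at all) and `example-deploy` (the sidecar's Unconfined override); the CronJob and the annotation-based pod pass. In practice you would feed it the output of `yaml.safe_load_all` over your manifest files.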