Define a specific Seccomp Profile to set on all containers #13045

Open
lukashankeln opened this issue May 13, 2024 · 0 comments
Labels
type/feature Feature request type/security Security related

@lukashankeln
Contributor

Summary

Follow-up to #12984 (comment).

In this PR the seccomp profile for the artifact-gc, agent and resource containers was set to RuntimeDefault.

In the discussion it was noted that it should be possible to create a specific seccomp profile for the containers named above, as all syscalls these would do are known beforehand.

Documentation

Use Cases

This would increase the security for these containers, as, if an attacker manages to get control over one of these containers, only the defined set of syscalls could be executed.


Message from the maintainers:

Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.
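Added example, not part of the original issue or the project's code: one way to turn a recorded syscall list into an allowlist seccomp profile and the `securityContext` that selects it in place of `RuntimeDefault`. The strace sample is constructed, and the function names and the `profiles/agent.json` path are assumptions.

```python
import json
import re

# Constructed `strace -f` output for a hypothetical container process.
SAMPLE_TRACE = """\
execve("/bin/app", ["app"], 0x7ffd0 /* 12 vars */) = 0
[pid    17] openat(AT_FDCWD, "/etc/ssl/certs", O_RDONLY) = 3
[pid    17] read(3, "..."..., 4096) = 512
[pid    18] <... futex resumed>) = 0
connect(4, {sa_family=AF_INET}, 16) = -1 EINPROGRESS (Operation now in progress)
--- SIGCHLD {si_signo=SIGCHLD} ---
+++ exited with 0 +++
"""

# Syscall name at line start, after an optional "[pid N]" and "<... " prefix.
_CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(?:<\.\.\. )?([a-z_][a-z0-9_]*)(?:\(| resumed>)")

def observed_syscalls(trace):
    """Return the sorted set of syscall names seen in strace output."""
    return sorted({m.group(1) for line in trace.splitlines() if (m := _CALL.match(line))})

def build_profile(names, architectures=("SCMP_ARCH_X86_64", "SCMP_ARCH_AARCH64")):
    """Allowlist profile in the seccomp JSON format: deny by default, allow only `names`."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": list(architectures),
        "syscalls": [{"names": list(names), "action": "SCMP_ACT_ALLOW"}],
    }

def action_for(profile, syscall):
    """Action the profile assigns to `syscall` (used to review a profile before rollout)."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"]:
            return rule["action"]
    return profile["defaultAction"]

def security_context(localhost_profile):
    """Container securityContext selecting a node-local profile instead of RuntimeDefault."""
    return {"seccompProfile": {"type": "Localhost", "localhostProfile": localhost_profile}}

if __name__ == "__main__":
    profile = build_profile(observed_syscalls(SAMPLE_TRACE))
    print(json.dumps(profile, indent=2))
    # "profiles/agent.json" is a hypothetical path relative to the kubelet seccomp directory.
    print(json.dumps(security_context("profiles/agent.json")))
    print("ptrace ->", action_for(profile, "ptrace"))
```

A trace covers only the code paths that were exercised, so running the workload with `SCMP_ACT_LOG` as the default action and reviewing the audit log first shows which syscalls are still missing before switching to `SCMP_ACT_ERRNO`.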
