
Secure Computing Mode, also known as Seccomp, is a Linux kernel security feature that helps you run Docker in a more secure environment. It works like a sandbox: it acts as a firewall for syscalls and lets you restrict the actions that processes inside a Docker container can request from the host's Linux kernel. In this guide, you will learn how to run a container with and without a Seccomp profile.

There are a few ways to run a Docker container with a Seccomp profile: you can run the container with the default profile from the command line, specify a custom profile in .json format, or specify your Seccomp profile in the daemon configuration file.

If for some reason you wish to run a container without a Seccomp profile, you can override the default by using the --security-opt flag with the unconfined value.

To see whether your Docker container runs without a Seccomp profile, check its Seccomp status. You will see Seccomp: 0, which means the container is running without the default Seccomp profile.
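The check described above, as an added example that is not part of the original article: it reads the `Seccomp:` field from `/proc/1/status` inside a container and names the mode, so an unconfined container is easy to spot. The function names `seccomp_mode` and `check_container`, the `alpine` image and the profile path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# The kernel reports a process's seccomp state in /proc/<pid>/status:
#   Seccomp: 0 = disabled (no profile), 1 = strict, 2 = filter (profile applied)

# seccomp_mode: read /proc/<pid>/status text on stdin and print the mode name.
# Returns non-zero when the field is missing or has an unexpected value.
seccomp_mode() {
    # Match the exact field name so "Seccomp_filters:" is not picked up.
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }')
    case "$mode" in
        0) echo "disabled" ;;
        1) echo "strict" ;;
        2) echo "filter" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# check_container: start a throwaway container and report the seccomp mode
# of its PID 1. Arguments are passed to `docker run` before the image name.
# The alpine image is an assumption; any image that ships `cat` works.
check_container() {
    docker run --rm "$@" alpine cat /proc/1/status | seccomp_mode
}

# Usage (requires a running Docker daemon):
#   check_container
#       default profile: expect "filter"
#   check_container --security-opt seccomp=unconfined
#       no profile: expect "disabled" (Seccomp: 0)
#   check_container --security-opt seccomp=/path/to/profile.json
#       custom profile (placeholder path): expect "filter"
```

A result of `disabled` on a container that was meant to use the default or a custom profile indicates the `--security-opt seccomp=unconfined` override is in effect.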
