Default docker seccomp profile not applied


Dhawal Patel

Jun 29, 2016, 2:27:05 PM
to CoreOS Dev
Docker Engine v1.10 onwards runs with a default seccomp profile. And so when I inspect SecurityOpt on my containers, I see SecurityOpt=<no value>:


docker ps --quiet | xargs docker inspect --format '{{ .Id }}: SecurityOpt={{.HostConfig.SecurityOpt }}'

eed533e68c512073ec765f26cd95b11f771e352a842ebae: SecurityOpt=<no value>



However, when I inspect SecurityOpt on CoreOS (running k8s on CoreOS), I see all containers running as SecurityOpt=[seccomp:unconfined].

When I look up the docker daemon process, I don't see any --security-opt option:


docker daemon --host=fd:// --exec-opt native.cgroupdriver=systemd --bip=10.1.50.1/24 --mtu=8951 --ip-masq=false --selinux-enabled

Any idea why my containers are running as "seccomp:unconfined"?

docker version: 1.10.3
CoreOS version: 1068.3.0
k8s version: 1.2.4


Ivan

Jul 11, 2016, 7:11:26 PM
to CoreOS Dev
Your containers are running as "seccomp:unconfined" because seccomp support has been disabled since 948.1.0 due to Docker failures at runtime (https://github.com/coreos/coreos-overlay/pull/1763/commits/312b2f40b3feee7cbc8c0c9156bf21ed82a4f288). We are considering enabling it soon.
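
An added example, not part of either post and not Docker or CoreOS project code: a Python check that reads `docker inspect` JSON and classifies each container's seccomp setting, accepting both the `seccomp:unconfined` form seen in this thread and the `seccomp=` form used by later Docker releases. The container names and sample records are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"SecurityOpt": None}},
    {"Name": "/k8s_pod", "HostConfig": {"SecurityOpt": ["seccomp:unconfined"]}},
    {"Name": "/job", "HostConfig": {"SecurityOpt": ["label=disable", "seccomp=unconfined"]}},
    {"Name": "/db", "HostConfig": {"SecurityOpt": ['seccomp={"defaultAction":"SCMP_ACT_ERRNO"}']}},
])


def seccomp_setting(container):
    """Classify one inspect record as 'default', 'unconfined' or 'custom'."""
    opts = (container.get("HostConfig") or {}).get("SecurityOpt") or []
    for opt in opts:
        # Docker 1.10 records "seccomp:<value>"; later releases use "seccomp=<value>".
        for sep in ("=", ":"):
            key, found, value = opt.partition(sep)
            if found and key.strip() == "seccomp":
                return "unconfined" if value.strip() == "unconfined" else "custom"
    # No seccomp entry (the <no value> case in the thread): nothing was overridden,
    # so the container gets whatever the daemon applies by default.
    return "default"


def audit(inspect_json):
    """Map container name to its seccomp classification."""
    return {c.get("Name", c.get("Id", "?")).lstrip("/"): seccomp_setting(c)
            for c in json.loads(inspect_json)}


def unconfined_containers(inspect_json):
    """Names of containers that run with seccomp filtering switched off."""
    return sorted(n for n, s in audit(inspect_json).items() if s == "unconfined")


if __name__ == "__main__":
    # Pipe in `docker inspect $(docker ps --quiet)`; without a pipe, use the sample.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, setting in sorted(audit(data).items()):
        print(f"{name}: seccomp={setting}")
```

A result of `default` only means no override was recorded for the container; whether a profile is actually enforced still depends on the daemon and kernel having seccomp support.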