Summary
Follow-up to #12984 (comment).
In this PR the seccomp profile for the artifact-gc, agent and resource containers was set to RuntimeDefault.
In the discussion it was noted that it should be possible to create a specific seccomp profile for the containers named above, as all syscalls these would do are known beforehand.
Documentation
Use Cases
This would increase the security for these containers, as if an attacker manages to get control over one of these containers only the defined set of syscalls could be executed.
Message from the maintainers:
Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.
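An added example, not part of the original issue or the project's code: a sketch of the allowlist profile the request describes, in the seccomp JSON format Kubernetes loads for `type: Localhost`, with a check of which syscalls from a test run it would deny. The syscall list, the profile file name and the helper names are assumptions made for illustration; argument-level filters are ignored.

```python
import json

# Constructed placeholder allowlist: NOT the measured syscall set of any real
# container. Replace it with the set recorded for the actual binary.
ALLOWED = ["read", "write", "close", "openat", "futex", "epoll_pwait",
           "nanosleep", "rt_sigaction", "rt_sigprocmask", "exit_group"]


def build_profile(allowed, arches=("SCMP_ARCH_X86_64", "SCMP_ARCH_AARCH64")):
    """Return an allowlist profile in the seccomp JSON format."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",  # anything not listed fails with an errno
        "architectures": list(arches),
        "syscalls": [{"names": sorted(set(allowed)), "action": "SCMP_ACT_ALLOW"}],
    }


def action_for(profile, syscall):
    """Action the profile assigns to a syscall name (argument filters ignored)."""
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule["action"]
    return profile["defaultAction"]


def missing_syscalls(profile, observed):
    """Syscalls seen in a test run that the profile would not allow."""
    return sorted({s for s in observed if action_for(profile, s) != "SCMP_ACT_ALLOW"})


# Container-level securityContext that replaces RuntimeDefault. The file name is
# hypothetical; it is resolved relative to the kubelet seccomp directory.
SECURITY_CONTEXT = {"seccompProfile": {"type": "Localhost",
                                       "localhostProfile": "profiles/agent-example.json"}}

PROFILE = build_profile(ALLOWED)

if __name__ == "__main__":
    print(json.dumps(PROFILE, indent=2))
    # Constructed trace of a test run: "connect" was left out of the allowlist.
    print(missing_syscalls(PROFILE, ["read", "connect", "write"]))
    print(action_for(PROFILE, "ptrace"))
```

Running the container's test suite under a logging profile first and feeding the observed names to `missing_syscalls` shows gaps in the allowlist before the errno default is enforced.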