Default Seccomp Profile Disabled
- Query id: 404fde2c-bc4b-4371-9747-7054132ac953
- Query name: Default Seccomp Profile Disabled
- Platform: DockerCompose
- Severity: Medium
- Category: Resource Management
- URL: Github
Description
Seccomp restricts the system calls a container may make. Docker applies a default seccomp profile to every container: an allowlist of the system calls most applications need, with everything else blocked. Setting `security_opt` to `seccomp:unconfined` disables that profile, so the container can reach the full kernel syscall surface. Exposing less of the kernel to an application shrinks its attack surface, so this setting should be removed (the default profile then applies) or replaced with a custom profile, for example `seccomp:profile.json`.
Documentation
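The check in practice, as an added example that is not part of this page or of the KICS query itself: the POSIX shell script below writes a constructed Compose file with one service that disables seccomp, one that keeps the default profile (and only adds `no-new-privileges`), and one that points at a custom profile, then reports the offending service with a small awk scan of the `security_opt` entries. The service names, image tags and profile path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the KICS project. Flags Compose services whose
# security_opt disables the default seccomp profile.

# Constructed sample compose file (names and images are made up):
#   api    - seccomp:unconfined  -> must be flagged
#   web    - default profile kept, only no-new-privileges set -> fine
#   worker - custom profile file -> fine
write_sample_compose() {
  cat > "$1" <<'EOF'
version: "3.9"
services:
  api:
    image: example/api:1.0
    security_opt:
      - seccomp:unconfined
  web:
    image: example/web:1.0
    security_opt:
      - no-new-privileges:true
  worker:
    image: example/worker:1.0
    security_opt:
      - seccomp:./seccomp/worker.json
EOF
}

# Print the name of every service in file $1 that sets seccomp:unconfined.
# The current service is tracked by indentation: a two-space-indented "name:"
# line under "services:" starts a service, deeper lines belong to it.
# The match is not anchored, so "label:seccomp:unconfined" is flagged too.
find_unconfined_seccomp() {
  awk '
    /^services:/ { in_services = 1; next }
    in_services && /^[^ ]/ { in_services = 0 }          # left the services: map
    in_services && /^  [A-Za-z0-9_.-]+:[ \t]*$/ {
      svc = $1; sub(/:$/, "", svc); next                # new service name
    }
    in_services && svc != "" && /seccomp[:=]unconfined/ {
      if (!seen[svc]++) print svc                       # report each service once
    }
  ' "$1"
}

# Stand-alone usage: writes the sample file and lists flagged services.
if [ "${RUN_EXAMPLE:-1}" = "1" ]; then
  tmp=$(mktemp)
  write_sample_compose "$tmp"
  echo "services with seccomp disabled:"
  find_unconfined_seccomp "$tmp"
  rm -f "$tmp"
fi
```

Run the scan against the output of `docker compose config` rather than the raw file when the project uses multiple Compose files, extends, or variable substitution, since that command renders the merged, normalized configuration that the engine actually applies.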
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: "3.8"
services:
  demo:
    image: not/a/real/image
    cap_add:
      - SYS_PTRACE
    volumes:
      - type: volume
        source: not-a-real-source-docker
        target: /var/lib/docker
    security_opt:
      - label:seccomp:unconfined
volumes:
  not-a-real-source-docker:
```
Positive test num. 2 - yaml file
```yaml
version: "3.9"
networks:
  backend:
services:
  example:
    build: .
    security_opt:
      - seccomp:unconfined
    networks:
      - backend
    ports:
      - "5002:5002"
```