Skip to content

Runtime SeccompProfilePath #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
10 tasks
xibz opened this issue Feb 7, 2019 · 0 comments
Open
10 tasks

Runtime SeccompProfilePath #98

xibz opened this issue Feb 7, 2019 · 0 comments
Labels
area/cri

Comments

@xibz
Copy link
Contributor

xibz commented Feb 7, 2019

  • runtime should not block setting host name with unconfined seccomp and SYS_ADMIN
  • should support seccomp unconfined on the container
  • should support seccomp default which is unconfined on the container
  • runtime should support setting hostname with docker/default seccomp profile and SYS_ADMIN
  • runtime should support an seccomp profile that blocks setting hostname with SYS_ADMIN
  • runtime should block sethostname with docker/default seccomp profile and no extra caps
  • should support seccomp localhost/profile on the container
  • runtime should not support a custom seccomp profile without using localhost/ as a prefix
  • runtime should ignore a seccomp profile that blocks setting hostname when privileged
  • should support seccomp docker/default on the container
@xibz xibz added this to the CRI milestone Feb 7, 2019
@xibz xibz mentioned this issue Feb 7, 2019
Open
@xibz xibz removed this from the CRI milestone Feb 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/cri
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@samuelkarp @xibz