containers/podman-seccomp.json

{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": [
        "keyctl",
        "syslog",
        "mknod",
        "mknodat",
        "pkey_mprotect",
        "kexec_load",
        "open_by_handle_at",
        "init_module",
        "finit_module",
        "delete_module",
        "bpf"
      ],
      "action": "SCMP_ACT_ERRNO",
      "args": [],
      "comment": "Deny potentially risky syscalls that could impact system integrity",
      "includes": {},
      "excludes": {}
    }
  ]
}
chore: adding backlog of additions 2024-11-03 20:28:20 +00:00			`{`
			`"defaultAction": "SCMP_ACT_ALLOW",`
			`"syscalls": [`
			`{`
			`"names": [`
			`"keyctl",`
			`"syslog",`
			`"mknod",`
			`"mknodat",`
			`"pkey_mprotect",`
			`"kexec_load",`
			`"open_by_handle_at",`
			`"init_module",`
			`"finit_module",`
			`"delete_module",`
			`"bpf"`
			`],`
			`"action": "SCMP_ACT_ERRNO",`
			`"args": [],`
			`"comment": "Deny potentially risky syscalls that could impact system integrity",`
			`"includes": {},`
			`"excludes": {}`
			`}`
			`]`
			`}`