containers/podman-seccomp.json


{
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": [
{
"names": [
"keyctl",
"syslog",
"mknod",
"mknodat",
"pkey_mprotect",
"kexec_load",
"open_by_handle_at",
"init_module",
"finit_module",
"delete_module",
"bpf"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "Return an error for the listed syscalls, which could impact system integrity; this is a denylist, so defaultAction still allows every syscall not named here",
"includes": {},
"excludes": {}
}
]
}