openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

BZ-2010564 Creating intitial submit

Browse Source
This commit is contained in:
Kevin Quinn
2022-08-16 17:24:40 +01:00
committed by openshift-cherrypick-robot
parent 98e4638879
commit fc3f038127
2 changed files with 110 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
security/seccomp-profiles.adoc
View File

@@ -7,13 +7,11 @@ include::_attributes/common-attributes.adoc[]
toc::[]
An {product-title} container or a pod runs a single application that performs one or more well-defined tasks. The application usually requires only a small subset of the underlying operating system kernel APIs.
Seccomp, secure computing mode, is a Linux kernel feature that can be used to limit the process running in a container to only call a subset of the available system calls. These system calls can be configured by creating a profile that is applied to a container or pod.
Seccomp profiles are stored as JSON files on the disk.
Secure computing mode, seccomp, is a Linux kernel feature that can be used to limit the process running in a container to only using a subset of the available system calls.
[IMPORTANT]
====
OpenShift workloads run unconfined by default, without any seccomp profile applied.
====
The `restricted-v2` SCC applies to all newly created pods in {product-version}. The default seccomp profile `runtime/default` is applied to these pods.
Seccomp profiles are stored as JSON files on the disk.
[IMPORTANT]
====