mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
30 lines
770 B
Plaintext
30 lines
770 B
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/security_profiles_operator/spo-advanced.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="spo-base-syscalls_{context}"]
|
|
= Base syscalls for a container runtime
|
|
|
|
You can use the `baseProfileName` attribute to establish the minimum required `syscalls` for a given runtime to start a container.
|
|
|
|
.Procedure
|
|
|
|
* Edit the `SeccompProfile` kind object and add `baseProfileName: runc-v1.0.0` to the `spec` field:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: security-profiles-operator.x-k8s.io/v1beta1
|
|
kind: SeccompProfile
|
|
metadata:
|
|
namespace: my-namespace
|
|
name: example-name
|
|
spec:
|
|
defaultAction: SCMP_ACT_ERRNO
|
|
baseProfileName: runc-v1.0.0
|
|
syscalls:
|
|
- action: SCMP_ACT_ALLOW
|
|
names:
|
|
- exit_group
|
|
----
|