mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
40 lines
1.0 KiB
Plaintext
40 lines
1.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/seccomp-profiles.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="creating-custom-seccomp-profile_{context}"]
|
|
= Creating seccomp profiles
|
|
You can use the `MachineConfig` object to create profiles.
|
|
|
|
Seccomp can restrict system calls (syscalls) within a container, limiting the access of your application.
|
|
|
|
.Prerequisites
|
|
|
|
* You have cluster admin permissions.
|
|
* You have created a custom security context constraints (SCC). For more information, see _Additional resources_.
|
|
|
|
.Procedure
|
|
|
|
* Create the `MachineConfig` object:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: machineconfiguration.openshift.io/v1
|
|
kind: MachineConfig
|
|
metadata:
|
|
labels:
|
|
machineconfiguration.openshift.io/role: worker
|
|
name: custom-seccomp
|
|
spec:
|
|
config:
|
|
ignition:
|
|
version: 3.2.0
|
|
storage:
|
|
files:
|
|
- contents:
|
|
source: data:text/plain;charset=utf-8;base64,<hash>
|
|
filesystem: root
|
|
mode: 0644
|
|
path: /var/lib/kubelet/seccomp/seccomp-nostat.json
|
|
---- |