Workload misconfigurations

Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Manual)

Risk Level

Informational (4)

  • N/A

Compliance Frameworks


You can choose to apply a custom seccomp profile at a daemon-wide level if needed with this overriding Docker's default seccomp profile.
  • Recommended Mitigation

    By default, Docker's default seccomp profile is applied. If this is adequate for your environment, no action is necessary. Alternatively, if you choose to apply your own seccomp profile, use the --seccomp-profile flag at daemon start or put it in the daemon runtime parameters file: dockerd --seccomp-profile </path/to/seccomp/profile>