Workload misconfigurations

Ensure the default seccomp profile is not Disabled (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Seccomp filtering provides a means for a process to specify a filter for incoming system calls. The default Docker seccomp profile works on a whitelist basis and allows for a large number of common system calls, whilst blocking all others. This filtering should not be disabled unless it causes a problem with your container application usage.
  • Recommended Mitigation

    By default, seccomp profiles are enabled. You do not need to do anything unless you want to modify and use a modified seccomp profile.