cargo-sandbox icon indicating copy to clipboard operation
cargo-sandbox copied to clipboard
verified publisher icon insanitybit

Override the default seccomp profile

Open insanitybit opened this issue 3 years ago • 1 comments

I've added two new profiles in static/seccomp/. We should hook them up to the create_container API, somewhere in CreateContainerArgs probably.

insanitybit avatar Dec 31 '22 20:12 insanitybit

I've made progress on this - it turns out the Docker docs are incorrect, you need to provide the seccomp profile inline.

The bigger question is figuring out how this profile will make it to the host. Currently I have a build script that places it on disk so that I don't have to carry it around in the binary. Longer term... idk.

insanitybit avatar Feb 23 '23 16:02 insanitybit