.metadata.annotations."container.seccomp.security.alpha.kubernetes.io/pod"

Seccomp profiles for OpenShift set minimum privilege and secure against unknown threats

Seccomp is a system call filtering facility in the Linux kernel which lets applications define limits on system calls they may make, and what should happen when system calls are made. Seccomp is used to reduce the attack surface available to applications.

Specify a Seccomp profile for all containers of the Pod:

seccomp.security.alpha.kubernetes.io/pod

Specify a Seccomp profile for an individual container:

container.seccomp.security.alpha.kubernetes.io/${container_name}
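
An audit check built on the two annotations above, as an added example that is not part of the original page or of any scanner's own code. It relies on the Kubernetes behaviour that a container-specific annotation overrides the Pod-wide one, and uses the annotation values `runtime/default` and `unconfined`, which the page does not list; the sample Pod, its container names and images are constructed.

```python
# Added example: resolve the effective seccomp profile per container from
# the alpha annotations. The manifest below is constructed sample input.
POD_KEY = "seccomp.security.alpha.kubernetes.io/pod"
CONTAINER_PREFIX = "container.seccomp.security.alpha.kubernetes.io/"


def effective_profiles(pod):
    """Map each container name to the seccomp profile that applies to it.

    A container-specific annotation takes precedence over the Pod-wide one;
    None means no annotation covers the container.
    """
    annotations = pod.get("metadata", {}).get("annotations") or {}
    pod_profile = annotations.get(POD_KEY)
    spec = pod.get("spec", {})
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return {
        c["name"]: annotations.get(CONTAINER_PREFIX + c["name"], pod_profile)
        for c in containers
    }


def unfiltered_containers(pod):
    """Names of containers with no profile or an explicit 'unconfined'."""
    return sorted(
        name for name, profile in effective_profiles(pod).items()
        if profile is None or profile == "unconfined"
    )


# Constructed sample Pod (names and images are hypothetical).
SAMPLE_POD = {
    "metadata": {
        "name": "demo",
        "annotations": {
            POD_KEY: "runtime/default",
            CONTAINER_PREFIX + "debug": "unconfined",
        },
    },
    "spec": {
        "containers": [
            {"name": "web", "image": "example.invalid/web:1"},
            {"name": "debug", "image": "example.invalid/debug:1"},
        ],
    },
}

if __name__ == "__main__":
    print(unfiltered_containers(SAMPLE_POD))
```

Here the Pod-wide profile covers `web`, while the per-container annotation on `debug` switches filtering off for that container only, which a check that looks at the Pod-level key alone would miss.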
