Re: #cf seccomp

Home Messages Hashtags Subgroups

Julz Friedman #8384 Hi hjinkim - the 'configurable' column in that table actually means whether you can opt in/out of the feature, not whether you can configure it (admittedly that's rather unclear!). Garden enables seccomp by default and does not allow opting out (hence it's marked as false in the configurable column), and there are no plans to change that. Although the table doesn't show it, it would also be possible - as I think you're suggesting - to allow configuring custom seccomp rules for particular containers. We don't currently have plans to allow that because it would require exposing quite a lot of new complexity to users which would be difficult given the Cloud Foundry UX (we try to hide low-level details from users), and might risk allowing users to ask for less secure rules than we would want. Do you have a particular use case in mind where you would want more configurable rules than the defaults we set out of the box? Thanks! Julz toggle quoted message Show quoted text On Thu, 29 Nov 2018 at 10:52 <hjinkim@...> wrote: Hi. As you see the image I inserted above, Currently there is no support for configurable Seccomp Filtering in CFAR Garden v1.40.0. Do you have any plan to support configurable Seccomp filtering in CFAR Garden sooner or later?
More All Messages By This Member

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.