You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/cri/config.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -97,8 +97,14 @@ version = 2
97
97
# when using containerd with Kubernetes <=1.11.
98
98
disable_proc_mount = false
99
99
100
-
# unsetSeccompProfile is the profile containerd/cri will use if the provided seccomp profile is
101
-
# unset (`""`) for a container (default is `unconfined`)
100
+
# unset_seccomp_profile is the seccomp profile containerd/cri will use if the seccomp
101
+
# profile requested over CRI is unset (or nil) for a pod/container (otherwise if this field is not set the
102
+
# default unset profile will map to `unconfined`)
103
+
# Note: The default unset seccomp profile should not be confused with the seccomp profile
104
+
# used in CRI when the runtime default seccomp profile is requested. In the later case, the
105
+
# default is set by the following code (https://github.com/containerd/containerd/blob/master/contrib/seccomp/seccomp_default.go).
106
+
# To summarize, there are two different seccomp defaults, the unset default used when the CRI request is
107
+
# set to nil or `unconfined`, and the default used when the runtime default seccomp profile is requested.
102
108
unset_seccomp_profile = ""
103
109
104
110
# 'plugins."io.containerd.grpc.v1.cri".containerd' contains config related to containerd
0 commit comments