Description
Moby allows ptrace(2) by default for kernel >= 4.8:
https://github.com/moby/moby/blob/v20.10.14/profiles/seccomp/default_linux.go#L393-L399
containerd does not: https://github.com/containerd/containerd/blob/main/contrib/seccomp/seccomp_default.go
Steps to reproduce the issue
- See the code above
Describe the results you received and expected
received: ptrace(2) is allowed only when CAP_SYS_PTRACE is granted
expected: ptrace(2) should be allowed by default for kernel >= 4.8
What version of containerd are you using?
1.6.2
Any other relevant information
No response
Show configuration if it is related to CRI plugin.
No response
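The difference reported above, as an added example that is not code from the issue, Moby or containerd: a simplified evaluator for conditional allow rules, showing that a cap-gated `ptrace` rule alone denies the call without `CAP_SYS_PTRACE`, while an additional kernel-gated rule allows it on kernel >= 4.8. The `includes.minKernel` / `includes.caps` rule shape is modeled on Moby's JSON seccomp profile format; `Rule`, `PtraceAllowed`, `capRule` and `kernelRule` are hypothetical names, and the sample rules are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Rule is a simplified model of one conditional entry in a Moby-style JSON profile.
type Rule struct {
	Names    []string `json:"names"`
	Action   string   `json:"action"`
	Includes struct {
		MinKernel string   `json:"minKernel"`
		Caps      []string `json:"caps"`
	} `json:"includes"`
}

// Constructed sample rules (assumptions for this example, not copied from either project).
const capRule = `{"names":["ptrace"],"action":"SCMP_ACT_ALLOW","includes":{"caps":["CAP_SYS_PTRACE"]}}`
const kernelRule = `{"names":["ptrace"],"action":"SCMP_ACT_ALLOW","includes":{"minKernel":"4.8"}}`

// PtraceAllowed evaluates the rules for a host kernel version and a capability set.
func PtraceAllowed(profile string, major, minor int, caps map[string]bool) (bool, error) {
	var rules []Rule
	if err := json.Unmarshal([]byte(profile), &rules); err != nil {
		return false, err
	}
	for _, r := range rules {
		applies := r.Action == "SCMP_ACT_ALLOW"
		if mk := r.Includes.MinKernel; mk != "" {
			var mj, mn int
			got, _ := fmt.Sscanf(mk, "%d.%d", &mj, &mn) // unparseable minimum: rule is skipped
			applies = applies && got == 2 && (major > mj || (major == mj && minor >= mn))
		}
		for _, c := range r.Includes.Caps { // every listed capability is required
			applies = applies && caps[c]
		}
		for _, name := range r.Names {
			if applies && name == "ptrace" {
				return true, nil
			}
		}
	}
	return false, nil
}

func main() {
	fmt.Println(PtraceAllowed("["+capRule+"]", 5, 15, nil))
	fmt.Println(PtraceAllowed("["+capRule+","+kernelRule+"]", 5, 15, nil))
}
```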