Seccomp Profiles

You can define Kubernetes seccomp profiles that can be included in a Pod Security Standards Profile. Seccomp profiles list the system calls that the pod is able to execute. Deployment rules that use the Pod security profile (with the seccomp profile) will check whether the pod complies with the profile. They can also enforce the profile by modifying the pod to conform to the profile.

Create Seccomp profile

Create seccomp profiles in the POD STANDARDS tab.

  1. Click Seccomps (on the right).
  1. Click New Seccomp profile.
  1. Enter a name for the profile.
  2. Enter details for the seccomp policy as a JSON block, and then click FINISH.
    For example:
    "defaultAction": "SCMP_ACT_LOG", <--- Default action is to log/detect the system call
    "architectures": [
    "syscalls": [
            "names": [
            "action": "SCMP_ACT_ALLOW" <------------- Allowed system calls
            "names": [
            "action": "SCMP_ACT_ERRNO" <------------- Blocked system calls

Use Seccomp policies in an Pod Profile

  1. Select the POD Security Standards Profile (or create a new one) in the POD STANDARDS tab of the POLICIES page.
  2. In STEP 2 (Properties), expand Show advance options.
  3. Scroll to the Seccomp Profile section (near the bottom), and select a Seccomp profile from the list (or, optionally, click Create new, to create a new Seccomp profile, using the procedure described above).
  1. Click FINISH.