You containers are running as "seccomp:unconfined" because seccomp support
have been disabled since 948.1.0 due to the Docker failures at
runtime(https://github.com/coreos/coreos-overlay/pull/1763/commits/312b2f40b3feee7cbc8c0c9156bf21ed82a4f288).
We are considering to enable it soon.
On Wednesday, June 29, 2016 at 11:27:05 AM UTC-7, Dhawal Patel wrote:
>
> Docker Engine v1.10 onwards runs with a default Seccomp profile. And so
> when i inspect SecurityOpt on my containers, i see SecurityOpt=<no value>:
>
>
> docker ps --quiet | xargs docker inspect --format '{{ .Id }}:
> SecurityOpt={{.HostConfig.SecurityOpt }}'
>
> eed533e68c512073ec765f26cd95b11f771e352a842ebae: SecurityOpt=<no value>
>
>
>
> However, when I inspect SecurityOpt on CoreOS (running k8s on CoreOS), i
> see all containers running as SecurityOpt=[seccomp:unconfined].
>
> When I lookup the docker daemon process, i don't see any --security-opt
> option:
>
>
> docker daemon --host=fd:// --exec-opt native.cgroupdriver=systemd --bip=
> 10.1.50.1/24 --mtu=8951 --ip-masq=false --selinux-enabled
>
> Any idea why my containers are running as "seccomp:unconfined"?
>
> docker version: 1.10.3
> CoreOS version: 1068.3.0
> k8s version: 1.2.4
>
>
>
>
>
>
>
>
>
>
