All syscalls
**Learn about syscalls and seccomp**
```bash
# Each and every syscall explained
# Look up which syscall has number 35 in the x86_64 header
grep -w 35 /usr/include/asm/unistd_64.h
#define __NR_nanosleep 35

# Create seccomp profiles in a "default" location
sudo mkdir -p /var/lib/kubelet/seccomp/profiles
sudo touch /var/lib/kubelet/seccomp/profiles/audit.json
sudo touch /var/lib/kubelet/seccomp/profiles/violation.json

# Allow logging (every syscall is permitted and logged)
sudo cat /var/lib/kubelet/seccomp/profiles/audit.json
{
  "defaultAction": "SCMP_ACT_LOG"
}

# Disable use of any syscall by default (every call fails with an errno)
sudo cat /var/lib/kubelet/seccomp/profiles/violation.json
{
  "defaultAction": "SCMP_ACT_ERRNO"
}
```
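One way to combine the steps above, as an added example that is not part of the original post: resolve the syscall numbers that a `SCMP_ACT_LOG` profile leaves in the audit log to names, then emit a deny-by-default profile that allows only those syscalls. This goes one step beyond the single `grep` lookup. The helper names `syscall_names` and `allowlist_profile` are hypothetical, and the header excerpt and audit records are constructed samples.

```bash
# Added example. Sample header and audit records below are constructed.
# Map syscall numbers in SECCOMP audit records to names.
# $1 = audit log, $2 = unistd_64.h (default: the header path grepped above)
syscall_names() {
  awk '
    NR == FNR {                      # first file: header, build number -> name
      if ($1 == "#define" && $2 ~ /^__NR_/ && $3 ~ /^[0-9]+$/)
        name[$3] = substr($2, 6)
      next
    }
    /type=SECCOMP/ && /arch=c000003e/ {   # x86_64 records only match this header
      for (i = 1; i <= NF; i++)
        if ($i ~ /^syscall=[0-9]+$/) {
          nr = substr($i, 9)
          print (nr in name ? name[nr] : "unknown_" nr)
        }
    }
  ' "${2:-/usr/include/asm/unistd_64.h}" "$1" | sort -u
}

# Deny by default, allow only the syscalls that were observed and resolved.
allowlist_profile() {
  al_names=$(syscall_names "$@" | grep -v '^unknown_' | sed 's/.*/"&"/' | paste -sd, -)
  printf '{\n  "defaultAction": "SCMP_ACT_ERRNO",\n'
  printf '  "architectures": ["SCMP_ARCH_X86_64"],\n'
  printf '  "syscalls": [{ "names": [%s], "action": "SCMP_ACT_ALLOW" }]\n}\n' "$al_names"
}

demo_dir=$(mktemp -d)
cat > "$demo_dir/unistd_64.h" <<'EOF'
#define __NR_read 0
#define __NR_write 1
#define __NR_nanosleep 35
EOF
cat > "$demo_dir/audit.log" <<'EOF'
type=SECCOMP msg=audit(1700000000.100:101): pid=4242 comm="sleep" sig=0 arch=c000003e syscall=35 compat=0 code=0x7ffc0000
type=SECCOMP msg=audit(1700000000.200:102): pid=4242 comm="sleep" sig=0 arch=c000003e syscall=1 compat=0 code=0x7ffc0000
type=SECCOMP msg=audit(1700000000.300:103): pid=4242 comm="sleep" sig=0 arch=c000003e syscall=35 compat=0 code=0x7ffc0000
type=SECCOMP msg=audit(1700000000.400:104): pid=4243 comm="app32" sig=0 arch=40000003 syscall=162 compat=1 code=0x7ffc0000
type=SECCOMP msg=audit(1700000000.500:105): pid=4244 comm="app" sig=0 arch=c000003e syscall=999 compat=0 code=0x7ffc0000
EOF
allowlist_profile "$demo_dir/audit.log" "$demo_dir/unistd_64.h"
```

Records from other architectures are skipped because their numbers belong to a different syscall table, and numbers missing from the header show up as `unknown_<nr>` in `syscall_names` so they can be reviewed instead of silently dropped.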
This post is licensed under CC BY 4.0 by the author.
