kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #35902 from windsonsea/seccyhf 

updated /tutorials/security/seccomp.md
pull/35946/head
Kubernetes Prow Robot 2022-08-13 18:58:12 -07:00 committed by GitHub
parent 3620431641 c09bf07d6c
commit 9b9cce9a68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
content/en/docs/tutorials/security/seccomp.md
View File

@ -56,7 +56,6 @@ run as `Unconfined`.
<!-- steps -->
## Download example seccomp profiles {#download-profiles}
The contents of these profiles will be explored later on, but for now go ahead
@ -64,7 +63,7 @@ and download them into a directory named `profiles/` so that they can be loaded
into the cluster.
{{< tabs name="tab_with_code" >}}
{{{< tab name="audit.json" >}}
{{< tab name="audit.json" >}}
{{< codenew file="pods/security/seccomp/profiles/audit.json" >}}
{{< /tab >}}
{{< tab name="violation.json" >}}
@ -363,7 +362,7 @@ kubectl delete service audit-pod --wait
kubectl delete pod audit-pod --wait --now
```
## Create Pod with seccomp profile that causes violation
## Create Pod with a seccomp profile that causes violation
For demonstration, apply a profile to the Pod that does not allow for any
syscalls.
@ -402,7 +401,7 @@ Clean up that Pod before moving to the next section:
kubectl delete pod violation-pod --wait --now
```
## Create Pod with seccomp profile that only allows necessary syscalls
## Create Pod with a seccomp profile that only allows necessary syscalls
If you take a look at the `fine-grained.json` profile, you will notice some of the syscalls
seen in syslog of the first example where the profile set `"defaultAction":