Merge pull request #50881 from jayeshmahajan/jm/hi-example-pods-security-sec-profiles

k8s-ci-robot · web-flow · commit bae62dfac35e · 2025-05-12T23:17:16.000-07:00
[hi] add example pod ecurity/seccomp/profiles
diff --git a/content/hi/examples/pods/security/seccomp/profiles/audit.json b/content/hi/examples/pods/security/seccomp/profiles/audit.json
@@ -0,0 +1,3 @@
+{
+    "defaultAction": "SCMP_ACT_LOG"
+}
diff --git a/content/hi/examples/pods/security/seccomp/profiles/fine-grained.json b/content/hi/examples/pods/security/seccomp/profiles/fine-grained.json
@@ -0,0 +1,69 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO",
+    "architectures": [
+        "SCMP_ARCH_X86_64",
+        "SCMP_ARCH_X86",
+        "SCMP_ARCH_X32"
+    ],
+    "syscalls": [
+        {
+            "names": [
+                "accept4",
+                "epoll_wait",
+                "pselect6",
+                "futex",
+                "madvise",
+                "epoll_ctl",
+                "getsockname",
+                "setsockopt",
+                "vfork",
+                "mmap",
+                "read",
+                "write",
+                "close",
+                "arch_prctl",
+                "sched_getaffinity",
+                "munmap",
+                "brk",
+                "rt_sigaction",
+                "rt_sigprocmask",
+                "sigaltstack",
+                "gettid",
+                "clone",
+                "bind",
+                "socket",
+                "openat",
+                "readlinkat",
+                "exit_group",
+                "epoll_create1",
+                "listen",
+                "rt_sigreturn",
+                "sched_yield",
+                "clock_gettime",
+                "connect",
+                "dup2",
+                "epoll_pwait",
+                "execve",
+                "exit",
+                "fcntl",
+                "getpid",
+                "getuid",
+                "ioctl",
+                "mprotect",
+                "nanosleep",
+                "open",
+                "poll",
+                "recvfrom",
+                "sendto",
+                "set_tid_address",
+                "setitimer",
+                "writev",
+                "fstatfs",
+                "getdents64",
+                "pipe2",
+                "getrlimit"
+            ],
+            "action": "SCMP_ACT_ALLOW"
+        }
+    ]
+}
diff --git a/content/hi/examples/pods/security/seccomp/profiles/violation.json b/content/hi/examples/pods/security/seccomp/profiles/violation.json
@@ -0,0 +1,3 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO"
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "defaultAction": "SCMP_ACT_LOG"`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "defaultAction": "SCMP_ACT_ERRNO"`
	`3`	`+}`