Aneek Bera:
For 10th question of Seccomp lab we have this:
:alphabet-yellow-q:. Create a new pod called audit-nginx using the nginx image and make use of the audit.json seccomp profile in the pod's security context.
The audit.json file is already present in the default seccomp profile path in the controlplane node.
. Here is the yaml file:
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: audit-nginx
spec:
securityContext:
seccompProfile:
type: Localhost
localhostProfile: profiles/audit.json
containers:
- image: nginx
name: nginx
Why localhostProfile is profiles/audit.json when the directory is /root?
-rw-rw-rw- 1 root root 40 Oct 18 13:50 audit.json
-rw-r--r-- 1 root root 3181 Aug 25 2021 .bashrc
drwx------ 2 root root 4096 Oct 20 22:20 .cache/
-rw-rw-rw- 1 root root 1658 Oct 18 13:50 custom-profile.json
drwx------ 3 root root 4096 Oct 20 22:20 .gnupg/
drwxr-xr-x 3 root root 4096 Oct 20 22:20 .kube/
-rw-r--r-- 1 root root 148 Aug 17 2015 .profile
-rw-rw-rw- 1 root root 514 Oct 18 13:50 relaxed-profile.json
drwx------ 2 root root 4096 Oct 20 22:20 .ssh/
-rw------- 1 root root 785 Oct 20 22:36 .viminfo
-rw-rw-rw- 1 root root 42 Oct 18 13:50 violation.json
root@controlplane:~# pwd
/root