Open
Description
What is the problem you're trying to solve
When running a container which requires a custom (seccomp) security profile, this needs to be stored in a separate file. It would be nice if this can be stored as part of the docker-compose.yml like all other container runtime configuration.
Describe the solution you'd like
The profile probably should be in a shared section so it can be reused, similar to volumes:
```yaml
...
    security_opt:
      - "seccomp=custom"

seccomp_profiles:
  custom: |
    {
      "defaultAction": "SCMP_ACT_ERRNO",
      "syscalls": [
        {
          "name": "accept",
          "action": "SCMP_ACT_ALLOW",
          "args": null
        },
        ...
    }
```
Maybe we can make this much more generic, and basically add a generic "config file storage":
```yaml
...
    security_opt:
      - "seccomp=my-seccomp-profile.json"

files:
  name: my-seccomp-profile.json
  content: |
    {
      "defaultAction": "SCMP_ACT_ERRNO",
```
Additional context
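As the issue notes, the profile currently has to be stored in a separate file. The sketch below is an added example, not part of the original issue or of Compose: it checks an inline profile like the one proposed above and writes it to disk, returning the matching `security_opt` value. `validate_profile`, `materialize` and `INLINE_PROFILE` are hypothetical names, and the sample profile is constructed.

```python
import json
import os

# Action names from the OCI runtime spec's Linux seccomp section.
SECCOMP_ACTIONS = {
    "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS", "SCMP_ACT_KILL_THREAD",
    "SCMP_ACT_TRAP", "SCMP_ACT_ERRNO", "SCMP_ACT_TRACE",
    "SCMP_ACT_ALLOW", "SCMP_ACT_LOG", "SCMP_ACT_NOTIFY",
}

# Constructed sample: the issue's fragment closed off after its one visible rule.
INLINE_PROFILE = """
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"name": "accept", "action": "SCMP_ACT_ALLOW", "args": null}
  ]
}
"""

def validate_profile(text):
    """Return (profile, allowed syscalls, warnings); raise ValueError if malformed."""
    profile = json.loads(text)  # JSONDecodeError is a ValueError subclass
    if not isinstance(profile, dict):
        raise ValueError("profile must be a JSON object")
    warnings, allowed = [], set()
    default = profile.get("defaultAction")
    if default not in SECCOMP_ACTIONS:
        raise ValueError(f"unknown defaultAction: {default!r}")
    if default in ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG"):
        warnings.append("defaultAction permits every syscall not listed")
    for rule in profile.get("syscalls") or []:
        action = rule.get("action")
        if action not in SECCOMP_ACTIONS:
            raise ValueError(f"unknown action in rule: {rule!r}")
        # Accept the legacy single "name" (as in the issue) and the "names" list.
        names = list(rule.get("names") or [])
        if rule.get("name"):
            names.append(rule["name"])
        if not names:
            raise ValueError(f"rule names no syscall: {rule!r}")
        if action == "SCMP_ACT_ALLOW":
            allowed.update(names)
    return profile, allowed, warnings

def materialize(text, directory, name="my-seccomp-profile.json"):
    """Validate the profile, write it into `directory`, return the security_opt value."""
    profile, _, _ = validate_profile(text)
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(profile, fh, indent=2)
    return f"seccomp={path}"
```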