Issue
I'm investigating about kernel security using Docker. I'm testing seccomp and it works very well on Debian and Ubuntu, but It's not working on Kali Linux.
Example:
I created a simple json file called sec.json
with this content:
{
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": [
{
"name": "mkdir",
"action": "SCMP_ACT_ERRNO"
}
]
}
It' suppossed that running a container using seccomp and this file will produce that you are not able to use mkdir
command inside the container. This is the docker run command:
docker run --rm -ti --security-opt seccomp=/path/to/sec.json ubuntu:xenial sh
As I said it works very well on Debian and Ubuntu, but on Kali Linux I got this error:
docker: Error response from daemon: linux seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile.
My docker-engine version is 17.05.0-ce
and my Kernel is 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux
. I googled about this and is quite strange. It is suppossed that seccomp is supported if you can check this:
cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
I got as a result:
CONFIG_SECCOMP=y
So it's suppossed that it's supported. What am I missing or what is the explanation about this is not working on Kali? Thanks.
Solution
Ok I found this post. I'll try to answer myself:
https://github.com/moby/moby/issues/26497
Is quite similar. I checked my docker info
output and on Ubuntu and Debian I have the Security Options: seccomp
and I have nothing on Kali.
The possible explanation is the libseccomp2
package which contains the needed library is too old. Maybe if the Kali staff update the library it could be supported.
Answered By - OscarAkaElvis Answer Checked By - David Goodson (WPSolving Volunteer)