Dear Docker community,
We run a web service that provides developers with pre-configured Docker containers (to develop open source projects like Firefox, Chromium, Thunderbird, Servo and more).
Some developers want to use advanced debugging tools like rr in our containers, but sometimes these don’t work by default.
rr's Docker instructions suggest the following:
simply start your container with the additional arguments --cap-add=SYS_PTRACE --security-opt seccomp=unconfined. You should be aware of the security implications of these flags before using them.
What are the security implications of adding seccomp=unconfined to all Docker containers, on shared infrastructure?
EDIT: Specifically, I’d like to understand what kind of havoc users could wreak with these additional capabilities: Could they break out of their containers? Spy on other containers? Execute arbitrary commands on the host? Etc.
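For operators of shared infrastructure, one way to see which containers currently run with the two flags from the post is to audit `docker inspect` output. This is an added example, not part of the original post or of rr's or Docker's own tooling; the function names and the sample records are constructed for illustration, and the `Privileged` check goes beyond the two flags named above.

```python
import json
import re

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/rr-debug", "HostConfig": {"Privileged": False,
        "SecurityOpt": ["seccomp=unconfined"], "CapAdd": ["SYS_PTRACE"]}},
    {"Name": "/web", "HostConfig": {"Privileged": False,
        "SecurityOpt": None, "CapAdd": None}},
    {"Name": "/legacy", "HostConfig": {"Privileged": False,
        "SecurityOpt": ["seccomp:unconfined"], "CapAdd": ["CAP_SYS_PTRACE"]}},
])


def normalize_cap(cap):
    """Return the capability name upper-cased and without a CAP_ prefix."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_container(container):
    """List the relaxed isolation settings found in one inspect record."""
    host = container.get("HostConfig") or {}
    findings = []
    for opt in host.get("SecurityOpt") or []:
        # Accept both "seccomp=unconfined" and the older "seccomp:unconfined".
        parts = re.split(r"[=:]", opt, maxsplit=1)
        if len(parts) == 2 and parts[0] == "seccomp" and parts[1] == "unconfined":
            findings.append("seccomp=unconfined")
    caps = {normalize_cap(c) for c in host.get("CapAdd") or []}
    if "SYS_PTRACE" in caps:
        findings.append("cap-add=SYS_PTRACE")
    # --privileged also runs without the default seccomp profile
    # (not one of the two flags in the post; included for completeness).
    if host.get("Privileged"):
        findings.append("privileged")
    return findings


def audit(inspect_json):
    """Map container name -> findings, for containers with any finding."""
    report = {}
    for container in json.loads(inspect_json):
        findings = audit_container(container)
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, ", ".join(findings))
```

To run it against a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the constructed sample.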