Security implications of `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined`? (needed for rr)

janx · May 4, 2018, 12:16pm

See also: https://github.com/JanitorTechnology/janitor/pull/315

TL;DR: This doesn’t really answer the question, but maybe we don’t need to use seccomp=unconfined to enable rr support after all. Enabling just the syscalls ptrace and perf_event_open should be enough (in combination with adding CAP_SYS_PTRACE).

As you can see in the list of blocked syscalls, the security implications of enabling just ptrace and perf_event_open seem to be “only” leaking host information, whereas enabling all syscalls with an unconfined seccomp sounds a lot more dangerous.

Topic		Replies	Views
Under what conditions can the ptrace syscall be allowed without affecting security? General security	0	1941	June 3, 2019
boot2docker (Mac OS X) 1.10 failing ptrace/gdb Machine	3	3838	March 1, 2016
Gwtc java.io.IOException: operation not permitted - seccomp General	2	2106	May 20, 2016
Unable to get seccomp=unconfined working via API Docker Desktop macos	2	1752	November 12, 2018
OWASP Docker Security Cheat Sheet General security , tutorial , tips	1	3369	October 6, 2023

Security implications of `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined`? (needed for rr)

Related topics