Support of parameters IPC & SECCOMP with docker service

Hi Members,

I am starting my first project with Docker on an ARM-based embedded target,
and this is my first post in the forum.

  • Can members please let me know if we can launch a container using docker service
    with parameters like IPC & SECCOMP?

  • We are currently running our container with docker run:
    docker run --env-file container-environment-files.txt \
      --security-opt seccomp:unconfined \
      --cpus 0.5 --cpuset-cpus 4 \
      --name container_${index} \
      --ipc=host \
      -itd hsm-container-image /opt/database/${PARTITION}/launch-n-wait.sh &

Since we wanted to have Docker orchestration supported, I started with the docker service command.
But I am unable to find a proper explanation / sample to pass IPC & SECCOMP to docker service.

Any pointers / links / comments on whether this can be done, or whether there is any other approach
where the above-said configuration may help.

Thanks,
Ashish Mishra.

Hi Members,
Any input on the same? I am looking to have the SECCOMP feature with docker service.

I am able to get this with docker run, but since we are evaluating Docker Swarm we are
trying the docker service approach to launch the container.

Thanks,
Ashish Mishra.

You might want to take a look at https://github.com/moby/moby/issues/25303.

Hi Members,
Based on my understanding, it seems --credential-spec is used for gMSA, which is mostly for Windows containers.
Since in my use case we want to have Ubuntu containers with seccomp unconfined, --credential-spec may not be directly usable.

Is my understanding correct, or can members point me to any pointers for the same?

Thanks,
Ashish