How does Docker's "seccomp" default profile improve container security?
The correct answer is B) It restricts the set of system calls (syscalls) a containerized process can make to the kernel, blocking dangerous or unnecessary syscalls that could be used to exploit kernel vulnerabilities or escalate privileges
seccomp (secure computing mode) filters allow only a whitelisted set of syscalls; Docker's default profile blocks dangerous syscalls (like certain kernel module operations) that most containerized applications never legitimately need, reducing the kernel attack surface.