Seccomp policies disabled
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Containers are running without a seccomp profile, so processes inside the container are not subject to seccomp's kernel syscall filtering. This configuration weakens container isolation and security controls.
Impact
Attackers who gain access to the container can execute unrestricted system calls, increasing the risk of container escapes, privilege escalation, and compromise of the underlying host or other workloads.
Resolution
Specify a seccomp profile, either by annotation or by seccomp profile type, using a value allowed by the Pod Security Standards.
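
One way to check manifests against this resolution, as an added example that is not the scanner's own code: it reports each container whose effective seccomp profile is missing or disallowed. It assumes the allowed types are `RuntimeDefault` and `Localhost` (the Pod Security Standards "restricted" values) and that the annotation meant is the legacy pod-level `seccomp.security.alpha.kubernetes.io/pod`; the sample manifests are constructed.

```python
# Added example: report containers in a pod manifest with no allowed seccomp profile.
ALLOWED_TYPES = {"RuntimeDefault", "Localhost"}  # assumption: PSS "restricted" values
LEGACY_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"  # legacy pod-level annotation


def _profile_type(security_context):
    """Return securityContext.seccompProfile.type, or None when it is not set."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def _annotation_allowed(value):
    """True for legacy annotation values that select a real profile."""
    return value in ("runtime/default", "docker/default") or (value or "").startswith("localhost/")


def seccomp_findings(pod):
    """Return [(container_name, reason)] for containers without an allowed profile."""
    spec = pod.get("spec") or {}
    legacy = ((pod.get("metadata") or {}).get("annotations") or {}).get(LEGACY_ANNOTATION)
    pod_type = _profile_type(spec.get("securityContext"))
    findings = []
    for group in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(group) or []:
            # A container-level seccompProfile overrides the pod-level one.
            effective = _profile_type(container.get("securityContext")) or pod_type
            if effective in ALLOWED_TYPES or (effective is None and _annotation_allowed(legacy)):
                continue
            value = effective or legacy
            reason = f"disallowed profile: {value}" if value else "no seccomp profile set"
            findings.append((container["name"], reason))
    return findings


# Constructed sample manifests (already parsed into dicts), not taken from the page.
UNSET_POD = {"metadata": {"name": "a"}, "spec": {"containers": [{"name": "app"}]}}
MIXED_POD = {"metadata": {"name": "b"}, "spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "web"},  # inherits RuntimeDefault from the pod
        {"name": "debug", "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
    ]}}
ANNOTATED_POD = {"metadata": {"name": "c", "annotations": {LEGACY_ANNOTATION: "runtime/default"}},
                 "spec": {"containers": [{"name": "app"}]}}

if __name__ == "__main__":
    for pod in (UNSET_POD, MIXED_POD, ANNOTATED_POD):
        print(pod["metadata"]["name"], seccomp_findings(pod))
```

The `MIXED_POD` case shows why a pod-level profile alone is not enough to pass: a single container that sets `Unconfined` still runs without syscall filtering.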