5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Enable default seccomp profile in your pod definitions.


Seccomp (secure computing mode) is used to restrict the set of system calls applications can make, allowing cluster administrators greater control over the security of workloads running in the cluster. Kubernetes disables seccomp profiles by default for historical reasons. You should enable it to ensure that the workloads have restricted actions available within the container.


If the default seccomp profile is too restrictive for you, you will need to create and manage your own seccomp profiles.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To enable the default seccomp profile, use the reserved value /runtime/default that will make sure that the pod uses the default policy available on the host.

Default Value:

By default, seccomp profile is set to unconfined which means that no seccomp profiles are enabled.

See Also