Docker v1.10.0 introduces support for seccomp (and a basic default profile).
It’s not clear (I’m still trying to find out) if there is Docker Compose support for this feature at present - although it’s encouraging that there is already a security_opt configuration option. Update: It’s currently undocumented but a custom file can indeed be specified with this in a docker-compose file:
- seccomp: file_name
Do Rancher have any plans themselves around supporting this?
I ask as we’ll need to add specific syscalls over and above the default for a number of our services which need to mount network file systems.
Update: Seems there’s a bug too: https://github.com/docker/compose/issues/2813
Typically, when things get added to docker-compose, they need to be added to libcompose, which is the Go interpretation of compose. This is what rancher-compose is based on, so after that dependency is satisfied, then we’d most likely introduce it.
But to track it, I’d recommend creating a specific GitHub request in Rancher for it to support when added to libcompose.
Thanks Denise, I’ll keep my eye out.
I’ll raise an issue once it’s actually working in docker-compose itself.
In case anyone is wondering, the GitHub issue referenced above is still open and is not resolved. The undocumented directive did not work. There is no documentation around this feature being supported in compose.
@sjiveson when this becomes available can you file a Rancher GitHub issue for the feature enhancement? I’ll close this topic.