Exam4Training

Will this Linux kernel facility limit a Docker container’s access to host resources, such as CPU or memory?

Solution: seccomp
A. Yes
B. No

Answer: A

Explanation:

Seccomp is a Linux kernel feature that allows you to restrict the actions available within the container. By using a seccomp profile, you can limit the system calls that a container can make, thus enhancing its security and isolation. Docker has a default seccomp profile that blocks some potentially dangerous system calls, such as mount, reboot, or ptrace. You can also pass a custom seccomp profile for a container using the --security-opt option. Seccomp can limit a container’s access to host resources, such as CPU or memory, by blocking or filtering system calls that affect those resources, such as setpriority, sched_setaffinity, or mlock.

Reference: Seccomp security profiles for Docker

Hardening Docker Container Using Seccomp Security Profile
