Will this Linux kernel facility limit a Docker container’s access to host resources, such as CPU or
memory?
Solution: seccomp
A. Yes
B. No
Answer: A
Explanation:
Seccomp is a Linux kernel feature that allows you to restrict the actions available within the container. By using a seccomp profile, you can limit the system calls that a container can make, thus enhancing its security and isolation. Docker has a default seccomp profile that blocks some potentially dangerous system calls, such as mount, reboot, or ptrace. You can also pass a custom seccomp profile for a container using the --security-opt option. Seccomp can limit a container’s access to host resources, such as CPU or memory, by blocking or filtering system calls that affect those resources, such as setpriority, sched_setaffinity, or mlock.
Reference: Seccomp security profiles for Docker
Hardening Docker Container Using Seccomp Security Profile