Use Seccomp security profiles to restrict the actions available within the container
https://docs.docker.com/engine/security/seccomp/
Example (file seccomp.yaml; Docker parses the profile as JSON, so it cannot contain comments):
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": ["ptrace"],
      "action": "SCMP_ACT_KILL"
    }
  ]
}
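The profile above allows every syscall except ptrace. As an added example (not from the Docker documentation), this Python sketch loads such a profile and reports which syscalls on a review list it still permits. The function names and the review list are assumptions made for illustration, and per-rule "args", "includes" and "excludes" conditions are not evaluated.

```python
import json

# The profile from the example above, embedded so the script runs offline.
PROFILE_JSON = """
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {"names": ["ptrace"], "action": "SCMP_ACT_KILL"}
  ]
}
"""

# Actions that let the syscall execute.
PERMISSIVE = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}


def load_profile(text):
    """Parse a profile as strict JSON; a '#' comment line raises ValueError."""
    profile = json.loads(text)
    if "defaultAction" not in profile:
        raise ValueError("profile has no defaultAction")
    return profile


def action_for(profile, syscall):
    """Action of the first rule naming the syscall, else the default action.

    Simplification (assumption): rule conditions such as "args" are ignored.
    """
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule["action"]
    return profile["defaultAction"]


def audit(profile, must_block):
    """List findings: a permissive default, then each must_block syscall still permitted."""
    findings = []
    default = profile["defaultAction"]
    if default in PERMISSIVE:
        findings.append("default action %s: unlisted syscalls are permitted" % default)
    for name in must_block:
        if action_for(profile, name) in PERMISSIVE:
            findings.append("%s is permitted" % name)
    return findings


if __name__ == "__main__":
    # Constructed review list, not taken from the page.
    for finding in audit(load_profile(PROFILE_JSON), ["ptrace", "process_vm_readv", "mount"]):
        print(finding)
```

With a default-allow profile every syscall left off the list shows up as a finding, which is the practical difference from an allowlist profile whose default action denies.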