Docker seccomp not working on Kali

I’m investigating about kernel security using Docker. I’m testing seccomp and it works very well on Debian and Ubuntu, but It’s not working on Kali Linux.

Example:

  • Porting issue with Docker
  • How can I mount a file in a container, that isn't available before first run?
  • Linux Container vs JVM
  • ELK Docker - Kibana saved objects
  • How to generate a Dockerfile from an image?
  • Not able to connect to mongodb replica set running in docker in different machine
  • I created a simple json file called sec.json with this content:

    {
        "defaultAction": "SCMP_ACT_ALLOW",
            "syscalls": [
                    {
                        "name": "mkdir",
                        "action": "SCMP_ACT_ERRNO"
                    }
                ]
    }
    

    It’ suppossed that running a container using seccomp and this file will produce that you are not able to use mkdir command inside the container. This is the docker run command:

    docker run --rm -ti --security-opt seccomp=/path/to/sec.json ubuntu:xenial sh
    

    As I said it works very well on Debian and Ubuntu, but on Kali Linux I got this error:

    docker: Error response from daemon: linux seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile.
    

    My docker-engine version is 17.05.0-ce and my Kernel is 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux. I googled about this and is quite strange. It is suppossed that seccomp is supported if you can check this:

    cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
    

    I got as a result:

    CONFIG_SECCOMP=y
    

    So it’s suppossed that it’s supported. What am I missing or what is the explanation about this is not working on Kali? Thanks.

  • How can I transfer my docker image to another computer?
  • Deployment of container-images onto docker on kubernetes
  • npm install fails in jenkins pipeline in docker
  • sbt-native-packager docker: How to add entry in /etc/hosts
  • Syn flood and net.ipv4.tcp_syncookies
  • Docker Swarm Overlay Network Communication
  • One Solution collect form web for “Docker seccomp not working on Kali”

    Ok I found this post. I’ll try to answer myself:

    https://github.com/moby/moby/issues/26497

    Is quite similar. I checked my docker info output and on Ubuntu and Debian I have the Security Options: seccomp and I have nothing on Kali.

    The possible explanation is the libseccomp2 package which contains the needed library is too old. Maybe if the Kali staff update the library it could be supported.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.