Docker seccomp not working on Kali

I’m investigating kernel security using Docker. I’m testing seccomp and it works very well on Debian and Ubuntu, but it’s not working on Kali Linux.

Example:

I created a simple JSON file called sec.json with this content:

    {
        "defaultAction": "SCMP_ACT_ALLOW",
        "syscalls": [
            {
                "name": "mkdir",
                "action": "SCMP_ACT_ERRNO"
            }
        ]
    }
    

It’s supposed that running a container using seccomp and this file will mean that you are not able to use the mkdir command inside the container. This is the docker run command:

    docker run --rm -ti --security-opt seccomp=/path/to/sec.json ubuntu:xenial sh
    

As I said, it works very well on Debian and Ubuntu, but on Kali Linux I got this error:

    docker: Error response from daemon: linux seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile.
    

My docker-engine version is 17.05.0-ce and my kernel is 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux. I googled this and it is quite strange. It is supposed that seccomp is supported if you check this:

    cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
    

I got this as a result:

    CONFIG_SECCOMP=y
    

So it’s supposed to be supported. What am I missing, or what is the explanation for this not working on Kali? Thanks.

One solution collected from the web for “Docker seccomp not working on Kali”

OK, I found this post. I’ll try to answer myself:

https://github.com/moby/moby/issues/26497

It is quite similar. I checked my docker info output: on Ubuntu and Debian I have Security Options: seccomp, and I have nothing on Kali.

The possible explanation is that the libseccomp2 package, which contains the needed library, is too old. Maybe if the Kali staff update the library it could be supported.
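
The distinction the answer draws, that `CONFIG_SECCOMP=y` in the kernel is not enough and the daemon must also list seccomp under Security Options, as an added shell example (not part of the original post or answer). The function names are hypothetical, the sample input is constructed, and the `CONFIG_SECCOMP_FILTER` and `/proc` status checks go beyond what the post shows.

```sh
#!/bin/sh
# Added example: separate "kernel lacks seccomp" from "daemon lacks seccomp".
# All function names are hypothetical.

# Kernel side: BPF seccomp profiles need both options built in.
# $1 = kernel config file, e.g. /boot/config-$(uname -r)
kernel_has_seccomp() {
    grep -q '^CONFIG_SECCOMP=y' "$1" && grep -q '^CONFIG_SECCOMP_FILTER=y' "$1"
}

# Daemon side: $1 = output of: docker info --format '{{.SecurityOptions}}'
daemon_has_seccomp() {
    case "$1" in
        *seccomp*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict: ok | kernel-missing | daemon-missing
seccomp_verdict() {
    if ! kernel_has_seccomp "$1"; then
        echo kernel-missing
    elif ! daemon_has_seccomp "$2"; then
        echo daemon-missing   # the case in the post; inspect the daemon build / libseccomp2
    else
        echo ok
    fi
}

# Seccomp mode of a process, read from a /proc/<pid>/status file ($1):
# 0 = disabled, 1 = strict, 2 = filter (a profile is actually loaded).
seccomp_mode() {
    awk '/^Seccomp:/ { print $2 }' "$1"
}

# Constructed sample mirroring the post: kernel reports seccomp, daemon lists none.
demo_kali_case() {
    cfg=$(mktemp)
    printf 'CONFIG_SECCOMP=y\nCONFIG_SECCOMP_FILTER=y\n' > "$cfg"
    seccomp_verdict "$cfg" '[]'
    rm -f "$cfg"
}

case "${1:-}" in
    --demo) demo_kali_case ;;
    --live) seccomp_verdict "/boot/config-$(uname -r)" \
                "$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)" ;;
esac
```

Inside a running container, `seccomp_mode /proc/self/status` printing `2` confirms that a profile was applied rather than silently skipped.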
