Docker seccomp not working on Kali

I’m investigating about kernel security using Docker. I’m testing seccomp and it works very well on Debian and Ubuntu, but It’s not working on Kali Linux.

Example:

  • Can't to connect to postgres container
  • new to docker,wonder how to read docker's source code?
  • How to run and install Protractor E2E tests in Docker container for Laravel?
  • Unable to access Rancher UI after installed using docker
  • CPU Higher than expected in Node running in docker
  • Docker for Windows cleanup
  • I created a simple json file called sec.json with this content:

    {
        "defaultAction": "SCMP_ACT_ALLOW",
            "syscalls": [
                    {
                        "name": "mkdir",
                        "action": "SCMP_ACT_ERRNO"
                    }
                ]
    }
    

    It’ suppossed that running a container using seccomp and this file will produce that you are not able to use mkdir command inside the container. This is the docker run command:

    docker run --rm -ti --security-opt seccomp=/path/to/sec.json ubuntu:xenial sh
    

    As I said it works very well on Debian and Ubuntu, but on Kali Linux I got this error:

    docker: Error response from daemon: linux seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile.
    

    My docker-engine version is 17.05.0-ce and my Kernel is 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux. I googled about this and is quite strange. It is suppossed that seccomp is supported if you can check this:

    cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
    

    I got as a result:

    CONFIG_SECCOMP=y
    

    So it’s suppossed that it’s supported. What am I missing or what is the explanation about this is not working on Kali? Thanks.

  • How to create a DB for MongoDB container on start up?
  • Use Php in Docker Apache
  • Docker's behavior when mounting volumes
  • Running nginx-proxy in docker with ssl
  • HEALTHCHECK of a Docker container running Celery tasks?
  • Docker inter-container communication painfully slow (Mac OS X)
  • One Solution collect form web for “Docker seccomp not working on Kali”

    Ok I found this post. I’ll try to answer myself:

    https://github.com/moby/moby/issues/26497

    Is quite similar. I checked my docker info output and on Ubuntu and Debian I have the Security Options: seccomp and I have nothing on Kali.

    The possible explanation is the libseccomp2 package which contains the needed library is too old. Maybe if the Kali staff update the library it could be supported.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.