Security compliance finding "Do not disable default seccomp profile" on OpenShift

Solution Verified - Updated -

Issue

A compliance scan reports "Do not disable default seccomp profile"; this is causing the security compliance scan to fail. The seccomp profile is disabled for the following containers:

  • Namespace: openshift-monitoring namespace
    • alertmanager
    • kube-rbac-proxy-metric
    • prom-label-proxy
  • Namespace: openshift-marketplace
    • register-sever
  • Namespace: openshift-ingress
    • router

Environment

  • OpenShift Container Platform (OCP)
    • 4.x
  • OpenShift Compliance Operator

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content