What is a seccomp profile in Docker and how does it reduce the container attack surface?

Question

Docker Fundamentals — Hard

What is a seccomp profile in Docker and how does it reduce the container attack surface?

Accepted Answer

A seccomp profile in Docker is a Linux kernel feature filter that restricts system calls a container can make. By blocking dangerous syscalls, it reduces the attack surface by preventing unnecessary kernel operations, enhancing security.