Azure Container Instances
An Azure service that provides customers with a serverless container experience.
711 questions
ACI - How to deploy a confidential container with seccomp profile
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 0%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWJ%3C/text%3E%3C/svg%3E)
William Jean Mireault
0
Reputation points
Hi, I've been trying to deploy a confidential container using a seccomp profile: https://video2.skills-academy.com/en-us/azure/templates/microsoft.containerinstance/2023-05-01/containergroups?pivots=deployment-language-bicep#securitycontextdefinition
Everything works great until I supply the base-64 encoded seccompProfile to the securityContext of the container. Whenever I do, I get the following error for all available API versions:
{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Resources/deployments/azuredeploy","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"SecurityContextNotSupported","message":"Some SecurityContext properties in container 'XXX' is not supported. Only the \"Privileged\" flag is supported."}]}}
So my question is: Is there a reason why supplying the seccompProfile causes this issue and how can I fix it? Nothing seems to indicate that only the 'Privileged' flag is supported in the documentation and I couldn't find anything related to this issue/requirements to use this flag.
{count} votes
-
Prrudram-MSFT 24,916 Reputation points2024-07-26T10:33:15.8+00:00 Thank you for reaching out to the Microsoft Q&A platform.
I understand you are trying to deploy a confidential container using a seccomp profile, but you are encountering an error when supplying the base-64 encoded seccompProfile to the securityContext of the container. The error message you received indicates that some SecurityContext properties in the container are not supported, and only the "Privileged" flag is supported.
Based on the error message you received, it seems that the Azure Container Instances service does not support the use of seccomp profiles in the securityContext of the container. The only supported SecurityContext property is the "Privileged" flag.
I apologize for any confusion this may have caused. The documentation you referenced does not mention any limitations on the use of seccomp profiles in the securityContext of the container. I will make sure to pass this feedback along to the appropriate team to update the documentation accordingly.
In the meantime, if you need to use a seccomp profile with your container, you may want to consider using a different container service that supports this feature.
Please let me know if you have any other questions or if there is anything else I can help you with
Sign in to comment
Sign in to answer