Use Linux Security Module (seccomp, AppArmor, or SELinux)

The following are the guidelines for using a Linux Security Module:

  • Do not disable the default security profile.

  • Use AppArmor to restrict a program's capabilities with per-program profiles.

  • Use seccomp for filtering syscalls issued by a program.

  • Use Linux capabilities for performing permission checks.

For instructions on how to do this inside Kubernetes, see the Security Context documentation and the Kubernetes API documentation.
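
The four guidelines above map onto Pod securityContext fields as in the manifest below. This is an added example, not taken from the Kubernetes documentation; the Pod name, container name, image and the commented-out profile names are placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: lsm-demo                      # placeholder name
spec:
  securityContext:
    # Guideline 1 and 3: keep the container runtime's default seccomp
    # syscall filter. Weak setting to avoid: type: Unconfined
    seccompProfile:
      type: RuntimeDefault
      # Custom filter instead (path is relative to the kubelet's seccomp
      # directory on the node; placeholder file name):
      # type: Localhost
      # localhostProfile: profiles/app-seccomp.json
    # Guideline 1 and 2: keep the runtime's default AppArmor profile.
    # This field needs Kubernetes v1.30+; older clusters use the annotation
    # container.apparmor.security.beta.kubernetes.io/<container_name>.
    # Weak setting to avoid: type: Unconfined
    appArmorProfile:
      type: RuntimeDefault
      # Per-program profile instead (must already be loaded on the node;
      # placeholder profile name):
      # type: Localhost
      # localhostProfile: k8s-app-restricted
  containers:
    - name: app                       # placeholder name
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        # Weak setting to avoid: privileged: true, which grants every
        # capability and runs the container seccomp-Unconfined.
        privileged: false
        allowPrivilegeEscalation: false
        # Guideline 4: drop all capabilities, then add back only what the
        # program needs for the kernel's permission checks.
        capabilities:
          drop: ["ALL"]
          add: ["NET_BIND_SERVICE"]   # only if the app binds a port below 1024
```

On a running Pod, `kubectl get pod lsm-demo -o jsonpath='{.spec.securityContext}'` shows which profiles were actually applied.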