
Is there a difference if we setup seccomp on docker daemon or directly when running?


I saw that there are two ways to set up a seccomp profile in Docker. The first one is by adding it to the configuration file of the Docker daemon:

{
    "seccomp-profile": "/etc/docker/profile.json",
    ...
}

But we can also add it directly when using docker run, like so:

$ docker run --rm \
             -it \
             --security-opt seccomp=/path/to/seccomp/profile.json \
             hello-world

What I can't really get my head around is this: is there a difference? Is it already set up for all containers if it's already in the daemon config file? How can I verify it?


Solution

  • If you want to apply that profile to all containers on the host, then both options should achieve the same result.

    Changing the default seccomp profile for Docker is however not recommended. Instead, it is preferable to overwrite it on a per-container basis, as in your second example.
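As an added example (not part of the original question or answer), the POSIX sh helpers below parse the output of the three checks that answer the "how can I verify it" part: `docker info --format '{{.SecurityOptions}}'` for the daemon-wide profile, `docker inspect --format '{{.HostConfig.SecurityOpt}}' <container>` for a per-container override, and `grep Seccomp /proc/1/status` run inside the container for the kernel's own view. The sample strings are constructed so the script runs without a Docker daemon.

```shell
#!/bin/sh
# Added example: verify which seccomp profile actually applies.
# Real commands are named in the comments; the functions parse their output.

# `docker info --format '{{.SecurityOptions}}'` prints a Go slice such as
#   [name=seccomp,profile=/etc/docker/profile.json name=cgroupns]
# Prints the daemon-wide profile value (a path, or Docker's name for the
# built-in profile), or "none" when the daemon has seccomp disabled.
daemon_seccomp_profile() {
    case "$1" in
        *name=seccomp,profile=*)
            printf '%s\n' "$1" | sed -n 's/.*name=seccomp,profile=\([^] ]*\).*/\1/p' ;;
        *) echo none ;;
    esac
}

# `docker inspect --format '{{.HostConfig.SecurityOpt}}' <container>` prints
# e.g. [seccomp=/path/to/seccomp/profile.json] when --security-opt was used.
# An empty slice means the container inherits whatever the daemon applies,
# so the daemon-wide check above is the one that matters for it.
container_seccomp_opt() {
    case "$1" in
        *seccomp=unconfined*) echo unconfined ;;
        *seccomp=*) printf '%s\n' "$1" | sed -n 's/.*seccomp=\([^] ]*\).*/\1/p' ;;
        *) echo daemon-default ;;
    esac
}

# Inside the container, /proc/1/status carries the kernel's verdict:
# Seccomp: 0 = disabled, 1 = strict, 2 = filter (a BPF profile is loaded).
# The anchor on "Seccomp:" skips the separate Seccomp_filters: line.
seccomp_mode_from_status() {
    mode=$(printf '%s\n' "$1" | sed -n 's/^Seccomp:[[:space:]]*\([0-9]\).*/\1/p')
    case "$mode" in
        2) echo filter ;; 1) echo strict ;; 0) echo disabled ;; *) echo unknown ;;
    esac
}

# Constructed samples standing in for live command output.
SAMPLE_INFO='[name=seccomp,profile=/etc/docker/profile.json name=cgroupns]'
SAMPLE_INSPECT='[seccomp=/path/to/seccomp/profile.json]'
SAMPLE_STATUS=$(printf 'Name:\tsh\nSeccomp:\t2\nSeccomp_filters:\t1\n')

echo "daemon profile:    $(daemon_seccomp_profile "$SAMPLE_INFO")"
echo "container option:  $(container_seccomp_opt "$SAMPLE_INSPECT")"
echo "kernel mode:       $(seccomp_mode_from_status "$SAMPLE_STATUS")"
```

A container whose inspect output is `[]` while the daemon reports a profile path is confined by the daemon-wide profile; a `Seccomp: 2` line inside it confirms the filter is really loaded.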