tracee
[FEAT] Change user to non-root
Prerequisites
- [ ] This issue is an EPIC issue (add label: EPIC).
- [ ] This issue is an EPIC TASK (add issue to EPIC description).
Select one OR another:
- [ ] I'll create a PR to implement this feature (assign to yourself).
- [ ] Someone else should implement this (describe it well).
Feature description
Using a root user to run tracee is unnecessary as long as we have the minimal required capabilities (PR #1202 dropped unrequired capabilities). Change user to a non-root one to reduce attack surface.
Additional Information (feature drawings, files, logs, etc)
Not being a privileged user might require lowering the perf_event_paranoid threshold applied in PR #2033. I can work on this issue if you want.
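An added example, not part of the original issue and not tracee's own code: a check of how a process's effective UID and capabilities interact with `perf_event_paranoid`, following the kernel sysctl documentation, where a process holding CAP_PERFMON (or CAP_SYS_ADMIN) is not subject to the threshold. The function names and sample `/proc/<pid>/status` text are constructed for illustration; on a live host, pass the contents of `/proc/<pid>/status` and `/proc/sys/kernel/perf_event_paranoid`.

```python
import re

# Bit numbers from include/uapi/linux/capability.h
CAP_SYS_ADMIN, CAP_PERFMON = 21, 38

# What each perf_event_paranoid level denies to a process that lacks
# CAP_PERFMON (or CAP_SYS_ADMIN), per the kernel sysctl documentation.
RESTRICTIONS = [
    (0, "raw and ftrace function tracepoint access"),
    (1, "CPU event access"),
    (2, "kernel profiling"),
]

def parse_status(status_text):
    """Extract effective UID and effective capability mask from /proc/<pid>/status."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)

def assess(status_text, paranoid):
    """Report root status, perf-related capabilities, and perf events denied."""
    euid, cap_eff = parse_status(status_text)
    has = lambda bit: bool(cap_eff >> bit & 1)
    perf_privileged = has(CAP_PERFMON) or has(CAP_SYS_ADMIN)
    denied = [] if perf_privileged else [
        what for level, what in RESTRICTIONS if paranoid >= level
    ]
    return {
        "root": euid == 0,
        "cap_sys_admin": has(CAP_SYS_ADMIN),  # non-root but still very broad
        "cap_perfmon": has(CAP_PERFMON),
        "perf_denied": denied,
    }

# Constructed sample inputs (not captured from a real tracee process).
NONROOT_NO_CAPS = "Name:\tdemo\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
NONROOT_PERFMON = "Name:\tdemo\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000004000000000\n"

if __name__ == "__main__":
    for label, text in (("no caps", NONROOT_NO_CAPS), ("CAP_PERFMON", NONROOT_PERFMON)):
        print(label, assess(text, paranoid=2))
```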