fluentd-kubernetes-daemonset
fluentd-kubernetes-daemonset copied to clipboard
Fluentd security impact with root user
Docker provides a privileged mode, which lets a container run as ‘root’. Running a container in privileged mode provides the capabilities of that host—including:
Root access to all devices Ability to tamper with Linux security modules like AppArmor and SELinux Ability to install a new instance of the Docker platform, using the host's kernel capabilities, and run Docker within Docker. Privileged containers create a major security risk—enabling attackers to easily escalate privileges if the container is compromised. Therefore, it is not recommended to use privileged containers in a production environment. Best of all, never use them in any environment.
This is extremely important to mitigate vulnerabilities in daemons and container runtimes, which can grant root access of entire nodes and clusters to an attacker.
Earlier there was a thread but no outcome came in that https://github.com/fluent/fluentd-kubernetes-daemonset/issues/420
Please provide some solution to resolve this so that fluentd with non-root user can work in a similar way without keeping the security on risk.
Reference link for Docker security guidelines https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html